Security Vulnerabilities

  • Resolved root.me

    (@rootme)


    9 years, 3 months ago

    Hey, I just installed your plugin but you have not properly sanitized the data being taken from the user in the plugin admin panel , the image and the text you take from user and directly input into the database is not a good practice , please make sure That you filter the data before inputting it to the database

    https://www.ads-software.com/plugins/spiffy-calendar/

Viewing 3 replies - 1 through 3 (of 3 total)

  • Thank you for your feedback. I am currently making several updates to the plugin and improved back-end processing is on the list.

    If you would like a version with sanitized input, please consider using the current development version.

    This version contains these additions at this time:

    – Use WordPress Media uploader for event image specification
    – Deleting an event will no longer delete the associated image, it will remain in the Media Library
    – Use WordPress color picker for category color configuration
    – Add colgroup to display category key in smaller size in html5
    – Update default CSS to better fit long titles
    – Run all input/output through WordPress sanitation functions

    Version 2.0.0 has been released with these changes.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Vulnerabilities’ is closed to new replies.