Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author weblizar

    (@weblizar)

    Hi Liz,

    Okay, the report says – “The “logo_url” field does not validate <script> tags and does not perform output encoding.”

    No problem, we will fix this in the next update by adding esc_url like below:

    
    <input type="text" class="pro_text" id="log-url" name="log-url" placeholder="<?php _e('Logo URL','WEBLIZAR_ACL')?>" size="56" value="<?php echo $logo_url; ?>"/>
    

    Fixed:

    
    <input type="text" class="pro_text" id="log-url" name="log-url" placeholder="<?php _e('Logo URL','WEBLIZAR_ACL')?>" size="56" value="<?php echo esc_url($logo_url); ?>"/>
    

    But the question arises: why would an admin try to hack their own site, because this setting is accessible only to the admin of the site?

    Thanks
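
The fix quoted in the reply above escapes the value at output. As an added example (not part of the thread and not the plugin's own code), the sketch below pairs that output escaping with sanitizing the value when it is saved. It assumes it runs inside WordPress as a small plugin file; the option key `example_logo_url`, the nonce action `example_save_logo` and the `example_*` function names are hypothetical, while the `log-url` field name and the `WEBLIZAR_ACL` text domain are the ones shown in the thread.

```php
<?php
/**
 * Added example, not the plugin's code. Hypothetical names: option key
 * 'example_logo_url', nonce action 'example_save_logo', example_* functions.
 */
defined( 'ABSPATH' ) || exit;

// Save path: check capability and nonce, then sanitize before storing.
function example_save_logo_url() {
    if ( ! isset( $_POST['log-url'] ) || ! is_string( $_POST['log-url'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // Dies with an error page if the nonce is missing or invalid.
    check_admin_referer( 'example_save_logo' );

    // esc_url_raw() removes characters that are not valid in a URL and
    // returns '' when the scheme is not in the allowed list (http/https here).
    $clean = esc_url_raw( wp_unslash( $_POST['log-url'] ), array( 'http', 'https' ) );
    update_option( 'example_logo_url', $clean );
}
add_action( 'admin_init', 'example_save_logo_url' );

// Output path: escape again where the value is printed, whatever is stored.
// Call this from the settings page callback.
function example_render_logo_field() {
    $logo_url = get_option( 'example_logo_url', '' );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_logo' ); ?>
        <input type="text" class="pro_text" id="log-url" name="log-url"
            placeholder="<?php esc_attr_e( 'Logo URL', 'WEBLIZAR_ACL' ); ?>"
            size="56" value="<?php echo esc_url( $logo_url ); ?>"/>
        <?php submit_button(); ?>
    </form>
    <?php
}
```

Escaping at output covers values already stored before the update, and sanitizing at save keeps non-URL input out of the database.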

    Thread Starter Liz

    (@member011)

    Thank you Sweetie, glad I was able to be in the right place at the right time to notice it for you! And it’s an awesome plugin, really beautiful; you’ve done a brilliant job. I think it’s a very classy plugin. Thanks for the quick response, I was just hoping I could help.

    When you mention “but the question is arising” Why an admin try to hack own site coz this setting access only for admin of site? ….

    I don’t know Sweetie, I’ll take your word for it, I have no clue what the code means!

    Plugin Author weblizar

    (@weblizar)

    Thanks so much @liz for posting this feedback.

    Thread Starter Liz

    (@member011)

    Oops!! Forgot to mention one reason I just thought of: it shows up in Wordfence results as a vulnerability, and while playing with Google Analytics, where I have just added this site as a property on the console, Google is also showing a vulnerability. So I’m not sure if it may be an issue or not for those who are following up with the Google Search Console list of issues to help improve a site.
    I’m looking forward to the next update when you have time.

    All the best, Liz

  • The topic ‘Vulnerability & Security Problem Found’ is closed to new replies.