XPath injection

  • Resolved WPninja

    (@rohitsapna)


    11 months ago

    The URL path filename appears to be vulnerable to XPath injection attacks. The payload ‘ was submitted in the URL path filename, and an XPath error message was returned.

    /wpcontent/plugins/popupmaker/assets/js/site.min.js

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Daniel Iser

    (@danieliser)

    @rohitsapna – Can you please submit a ticket on our website with full details? I’m not even sure I understand what your claiming or how it could be attacked without more context, and best to not disclose it publicly right away if there really is an issue, at least until the patch is released to the masses.

    https://wppopupmaker.com/report-security-vulnerability/

    Plugin Author Daniel Iser

    (@danieliser)

    Also, our plugin file path would be popup-maker, not popupmaker, so I’m really not sure what I’m looking at. Look forward to your email.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘XPath injection’ is closed to new replies.