Viewing 5 replies - 1 through 5 (of 5 total)
  • Same as @prandrews73. It also makes me nervous. Thanks

    I also am concerned about this… Please fix soon… Wordfence has this to say about it:

    WP Categories Widget <= 2.2 – Reflected Cross-Site Scripting

    Description
    The WP Categories Widget plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in the wcw_terms_list() function called via an AJAX action in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    References
    patchstack.com
    plugins.trac.www.ads-software.com

    Plugin Author Raghunath Gurjar

    (@india-web-developer)

    Hi @prandrews73 @crzyhrse @em-m , we are sorry to hear that you are facing issues due to our plugin. Your feedback is most valuable for us to make our plugin more secure and smooth, so thanks to all for your valuable feedback. You can all contact us at [email protected] to resolve such security issues on a priority basis. The issue was occurring only in the admin area, so without logging in to the admin a spam user can’t access the AJAX-based URL, so don’t worry, we are always here to care for you. But anyway, we have fixed the “Cross-site-Scripting” issue and released a new version with some advanced features. Currently our plugin is under review for a security checkup. Please update the plugin when it is ready for download.

    Thanks again for your valuable feedback.

    Thanks

    Raghu
    https://www.wp-experts.in

    Many thanks Raghu

    Plugin Author Raghunath Gurjar

    (@india-web-developer)

    Hi @prandrews73 @em-m @crzyhrse , thanks for your patience. Our plugin was restored with the latest version, and I hope you have all updated to the latest version and are enjoying our plugin.

    Thanks again for your valuable feedback. I would request you to leave your valuable feedback by giving our plugin the best rating.

    Thanks
    Raghu

  • The topic ‘XSS flaw – high level security issue’ is closed to new replies.