• I have SiteLock on my website and I received an alert this morning that there is an XSS vulnerability on /lostpassword/?error=invalidkey. It looks like all the other Theme My Login-generated pages are clean and free. Is this a vulnerability within the plugin and is it something that will be fixed in the near future? To be safe I’m disabling the plugin until I hear otherwise. Thank you.

    https://www.ads-software.com/plugins/theme-my-login/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    If you’ve found a vulnerability, please send me the details to jeff [at] jfarthing [dot] com.

  • Plugin Author Jeff Farthing

    (@jfarthing84)

    There’s really no way for it to be vulnerable. All that form does is check the database against the form field. It doesn’t save anything.

  • The topic ‘XSS Vulnerability?’ is closed to new replies.