XSS vulnerability

  • GREAT PLUGIN, thank you! – My security plugin warns about this:

    “#Wordpress Rich Table of Contents plugin <= 1.3.7 – Contributor+ Stored XSS vulnerability
    -Vulnerability type: Cross Site Scripting (XSS)
    -No Update Available”

    Is the author open and able to provide a fix for this?
    We need to know, as we might want to switch to another plugin, which I prefer not to do.

    THANKS again for your GREAT plugin!

    Peter

Viewing 1 replies (of 1 total)

  • On the description page, it says “This plugin has been closed as of January 18, 2023 and is not available for download. This closure is temporary, pending a full review.” for a few days now.

    This means the fixed version is scheduled to be available at some point, after WP team review is done. Until then use some WAF solutions to prevent further risks, or just download 1.3.8 from trac, and manually update the latest version before the review.

    (Updating plugin without WP reivew may not be a good idea, but solves your problem…)

Viewing 1 replies (of 1 total)
  • The topic ‘XSS vulnerability’ is closed to new replies.