XXS hack ? please fix this

Viewing 3 replies - 1 through 3 (of 3 total)

  • As mentioned in one of the other threads about this issue, it isn’t a vulnerability. So something else must be causing the issue you are having with those websites.

    Thread Starter Majklas

    (@majklas)

    well, 3 websites on same server has this plugin, others don’t and those three are reported with malicious files.

    As mentioned in the other thread on this issue, it would only allow Editor and Administrator level user to the do equivalent of something they are already normally allowed to do involving JavaScript code. The bug isn’t doesn’t involve file upload or file modification code, so something else must have allowed the malicious files on to the website.

    Usually evidence of how a website has been hacked would show up in the HTTP or FTP log files for the website, have you reviewed those yet?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘XXS hack ? please fix this’ is closed to new replies.