Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • I had a similar issue with it breaking Gravity Forms on a client site. The fix is pretty easy.

    Here’s how I patched it:

    Open pin-it-on-pinterest/js/backend.js, and go to line 26. Basically, you just need to reverse the order of lines 26 and 27.

    Replace this:

    var html=jQuery(response);
    if (Pinterest.is_upload) {

    With this:

    if (Pinterest.is_upload) {
    var html=jQuery(response);

    Once you do that, it should work exactly the same and play nicely with other plugins/themes that also use window.send_to_editor.

    I hope this helps! It worked perfectly for my client.

  • @justsandn – I know it has been a few weeks, but would you be able to provide any supporting info related to your case that can be used to potentially help identify the location of the vulnerability? Themes and plugins installed at the time, etc? It would be greatly appreciated. I’ve just uncovered this exact same exploit on a client’s site and want to do all I can to help her and try to shine more light on this to potentially benefit others.

  • Thesis users – There is no need to edit your Thesis core files as bobking has suggested.

    The fix is very simple using one of Thesis’ built-in filters. Just put this in your custom/custom_functions.php file:

    // Pass Thesis comment output through the standard comment_text filters.
    function filter_comment_text($output) {
    return apply_filters('comment_text', $output);
    }
    add_filter('thesis_comment_text', 'filter_comment_text');

    Done!

  • I realize this is a bit late, but I was having the same issue and this very simple fix posted by Andrew Gail worked for me:

    https://www.andrewgail.com/wordpress-autosave-and-custom-fields/

    I thought I’d post it here in case someone facing a similar issue finds this thread.
