• Resolved Serkan

    (@slmdesign)


    Hi,

    An alert box has been appearing on a (WP) website of my client for a few weeks; I have already found out why. This happens because a funny person has put a <script>alert</script> into one of the input fields.
    I have removed it from the database currently; but, how is it possible to disable this function?

    [removed by mod] Here the link to the website with the petition if necessary.

    Thanks in advance
    Serkan

    https://www.ads-software.com/extend/plugins/speakup-email-petitions/

Viewing 4 replies - 1 through 4 (of 4 total)
  • It’s not a good idea to advertise a link to an active xxs vulnerability on your own site. I’d suggest not using the plugin until the vulnerability is patched.

    I realize that you didn’t recognize it at the onset but generally speaking it’s better to notify plugin authors privately regarding security vulnerabilities rather than posting about them in a public setting.

    Hopefully a mod will see this and remove the link (modlook attached)

    Thread Starter Serkan

    (@slmdesign)

    You’re right, I haven’t thought about it.

    Plugin Author Kreg Wallace

    (@kreg)

    This is fixed now – see version 2.4.2

    Thread Starter Serkan

    (@slmdesign)

    Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘How to disable "script-tags" in a input field? – Alert box problem’ is closed to new replies.