[theme-reviewers] Security issues in MesoColumn
Joe Hoyle
joehoyle at gmail.com
Sun Oct 27 13:44:06 UTC 2013
Hey,
I was reviewing http://themes.trac.wordpress.org/ticket/14989 and decided to check out the whole theme for a review. Without being too specific, the theme does not sanitize any options that are saved through its Theme Options pane, allows SQL injection and possible XSS. I was going to put the details on the ticket, however as this theme is already live I didn’t want to disclose it in detail there.
I have a more in-detail report if a member of the team wants to proceed (however that may work).
Thanks--
Joe Hoyle