[wp-trac] [WordPress Trac] #33171: XSS in Plugin WP-PageNavi
WordPress Trac
noreply at wordpress.org
Wed Jul 29 09:55:38 UTC 2015
#33171: XSS in Plugin WP-PageNavi
--------------------------+-----------------------------
Reporter: khalil_haf | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
'''I used a tool developed by me which can scan and detect bugs in plugins.
I found that there is an XSS bug in WP-PageNavi.'''
== Userinput reaches sensitive sink when function _print() is called.
40: echo echo ", $argc";
22: ⇓ function _print($tag, $callback, $prio, $argc)
requires:
36: if($prio != 10 || $argc > 1)
39: if($argc > 1)
22: ⇓ function _print($tag, $callback, $prio, $argc) ==
This is the scan result with the path of site.com/wp-pagenavi/scb/Hooks.php
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33171>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform