Ajuda Para corrigir Vulnerabilidade no Plugin Total Security
-
O plugin foi bloqueado devido a 2 vulnerabilidades encontrado por: pluginvulnerabilities.com descrição:
persistent cross-site scripting vulnerability
https://www.pluginvulnerabilities.com/2016/07/18/persistent-cross-site-scripting-xss-vulnerability-in-total-security/and a settings change vulnerability
https://www.pluginvulnerabilities.com/2016/07/18/settings-change-vulnerability-in-total-security/dica para o problema:
For the persistent cross-site scripting (XSS) vulnerability, the information on sanitizing and escaping user input data is at http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data.
For the settings change vulnerability, the way saving settings is usually in a plugin is through code at the beginning of the code that generates the settings page instead of how you are doing it. That way only someone that can access that page can save settings. You also want to make sure to protect against cross-site request forgery (CSRF) when doing that, https://codex.wordpress.org/WordPress_Nonces.
Infelizmente estou sem tempo para resolver esse problema, quem corrigir darei o credito no plugin.
- O tópico ‘Ajuda Para corrigir Vulnerabilidade no Plugin Total Security’ está fechado para novas respostas.