Codeinwp/wp-maintenance-mode

Bot Susceptible to XSS

Opened this issue · 3 comments

Susceptible to XSS:

<w="/x="y>"/ondblclick=`<`[confir\u006d`test`]>Test

Hi @thehappydinoa thanks for pointing out, we will look at it asap.

I confirm the robot has this bug. Is it possible to create a condition, for example for fields that the user can fill, so that if characters like "< >" are entered, it returns an error?

A little bit late, but the issue is finally solved in release 2.2.4. I've decided to strip all HTML tags from user responses.

https://github.com/Designmodocom/WP-Maintenance-Mode/releases/tag/2.2.4
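The fix described above is tag stripping on the stored response. The following PHP is an added example, not the plugin's code from the 2.2.4 release, showing that approach next to the second layer a reviewer would also expect: escaping the value when it is rendered into the page. Function names (`sanitize_bot_response`, `render_bot_response`, `render_unsafe`, `render_safe`, `contains_raw_markup`) are hypothetical. It uses plain PHP `strip_tags()` and `htmlspecialchars()` so it runs without WordPress; inside WordPress the equivalent calls are `wp_strip_all_tags()` and `esc_html()`. The sample input is the payload quoted in the issue.

```php
<?php
// Added example (not the plugin's own code). Two layers of defence for
// user-supplied bot answers: strip tags on input, escape on output.
// Function names below are hypothetical.

declare(strict_types=1);

// Constructed sample: the payload from the issue, as a visitor might type it.
// Single quotes keep the backslash-u sequence literal, as the browser would receive it.
const SAMPLE_RESPONSE = '<w="/x="y>"/ondblclick=`<`[confir\u006d`test`]>Test';

/**
 * Input-side layer, the approach the thread says release 2.2.4 took:
 * remove all HTML tags from the stored response.
 * WordPress offers wp_strip_all_tags(); plain strip_tags() is used here.
 */
function sanitize_bot_response(string $raw): string
{
    return trim(strip_tags($raw));
}

/**
 * Output-side layer: render the value as text, never as markup.
 * This layer should exist even if stripping was skipped or bypassed.
 * WordPress offers esc_html(); htmlspecialchars() is the plain-PHP equivalent.
 */
function render_bot_response(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** How a vulnerable template behaves: the value is concatenated into HTML as-is. */
function render_unsafe(string $value): string
{
    return '<p class="bot-answer">' . $value . '</p>';
}

/** Hardened template: strip on input, escape on output. */
function render_safe(string $value): string
{
    $clean = sanitize_bot_response($value);
    return '<p class="bot-answer">' . render_bot_response($clean) . '</p>';
}

/**
 * Review check: does any raw '<' or '>' from the user survive inside the
 * wrapper element? True means user input can still form markup.
 */
function contains_raw_markup(string $html_fragment): bool
{
    $inner = preg_replace('#^<p class="bot-answer">|</p>$#', '', $html_fragment);
    return strpbrk((string) $inner, '<>') !== false;
}

echo 'unsafe: ' . render_unsafe(SAMPLE_RESPONSE) . PHP_EOL;
echo 'safe:   ' . render_safe(SAMPLE_RESPONSE) . PHP_EOL;
echo 'raw markup reaches the page (unsafe): '
    . (contains_raw_markup(render_unsafe(SAMPLE_RESPONSE)) ? 'yes' : 'no') . PHP_EOL;
echo 'raw markup reaches the page (safe):   '
    . (contains_raw_markup(render_safe(SAMPLE_RESPONSE)) ? 'yes' : 'no') . PHP_EOL;
```

Run it with `php example.php`. The point of keeping both functions is that `strip_tags()` decides what counts as a tag with its own heuristics, so the escaping step at output is what guarantees that no `<` or `>` typed by the visitor reaches the browser as markup; `contains_raw_markup()` is the check to keep in a test suite for the template.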