Google flagging a VULNERABILITY | WordPress.org

Jennifer Moss
(@mossifer)

4 months, 3 weeks ago

Google is flagging this plugin has a vulnerability. Do you have plans to patch it?

Viewing 3 replies - 1 through 3 (of 3 total)

funex
(@funex)

4 months, 2 weeks ago

I, too, would like to know. Wordfence is flagging is as critical.
For info:

WP Subtitle <= 3.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Vulnerability Severity: 6.4/10.0 (Medium)

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-subtitle/wp-subtitle-341-authenticated-contributor-stored-cross-site-scripting

Keryn
(@b-summers)

4 months ago

Following this thread as well, would like to know if a fix is coming.

Nick Ciske
(@nickciske)

1 week, 6 days ago

WP Subtitle <= 3.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

I think the line in question is in includes/subtitle.php, line 126:

return update_metadata( 'post', $this->post_id, $this->get_post_meta_key(), $subtitle );

That puts the raw subtitle into the DB which could contain Javascript code… and if not escaped when output … you get Stored Cross-Site Scripting…

Adding a sanitize_text_field should address the issue as it strips all tags:

return update_metadata( 'post', $this->post_id, $this->get_post_meta_key(), sanitize_text_field( $subtitle ) );

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

5 replies
4 participants
Last reply from: Nick Ciske
Last activity: 1 week, 6 days ago
Status: not resolved