You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 22, 2021. It is now read-only.
Describe the bug
An XSS vulnerability targeting the plugin multiple domain and is being actually exploited in the wild
Faulty lines :
multiple-domain/multiple-domain/MultipleDomain.php
Lines 882 to 886 in 51691cb
multiple-domain/multiple-domain/MultipleDomain.php
Lines 895 to 898 in 51691cb
$url
should be encoded usinghtmlentities(urlencode($url))
To Reproduce
Steps to reproduce the behavior:
www.yourwordpresswebsite.com/;>"'><script>alert(1)</script>&type=
Expected behavior
Output should be encoded to prevent xss
The text was updated successfully, but these errors were encountered: