由于缺少特殊字符的过滤,认证用户在插件配置中可以进行XSS攻击
具体信息已经由patchstack披露:
https://patchstack.com/database/vulnerability/alpine-photo-tile-for-pinterest/wordpress-alpine-phototile-for-pinterest-plugin-1-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability
莆田SEO网络安全研究
由于缺少特殊字符的过滤,认证用户在插件配置中可以进行XSS攻击
具体信息已经由patchstack披露:
https://patchstack.com/database/vulnerability/alpine-photo-tile-for-pinterest/wordpress-alpine-phototile-for-pinterest-plugin-1-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability