Publicly reported XSS vulnerability, what’s the status of the plugin? | WordPress.org

Resolved Daniel Koskinen
(@daniel-koskinen)

8 years, 2 months ago

Hi,

There was a publicly released vulnerability in your plugin, details here: https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_google_analytics_dashboard_wordpress_plugin.html

The report says there is no fix available, but the tested version was 2.1.1.

Have you got an update on that?

Viewing 2 replies - 1 through 2 (of 2 total)

Alin Marcu
(@deconf)

8 years, 2 months ago

Hi Daniel,

That report is about a different plugin. The name of this plugin is Google Analytics Dashboard for WP, also called GADWP, unrelated with the one mentioned in the report.

I really need to figure out a unique name for it, to avoid confusion. It’s getting harder and harder to distinguish it from others (since there are so many plugins with similar names out here).

Thanks again for bringing it to our attention, even if it’s unrelated.

Thread Starter Daniel Koskinen
(@daniel-koskinen)

8 years, 2 months ago

How embarrassing. I’m sorry I added to the confusion! Good to know we don’t need to start replacing your plugin then 🙂

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Publicly reported XSS vulnerability, what’s the status of the plugin?’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: Daniel Koskinen
Last activity: 8 years, 2 months ago
Status: resolved