Support Forum


NOTE: Due to a personal issue, this Ultimate WP Query Search Filter plugin is no longer under development. Thanks for the support over the years.

For anyone who comes across this page and wants to find a reliable search plugin, here is the list of potential replacements.

The plugin author will no longer be giving support here; however, you can still ask for help from other users here.
Author Topic: XSS on parameter "skeyword"
Posts: 1
Post XSS on parameter "skeyword"
on: December 17, 2015, 01:24

There is an XSS in the search form on the parameter "skeyword".
I have checked it on the latest version, 1.0.10, and I am not sure about previous versions.
You can see 2 demo URLs


Posts: 530
Post Re: XSS on parameter "skeyword"
on: December 18, 2015, 16:32

Actually, the skeyword will be sanitized during search. The problem is when you are printing the search keyword on the search result page. The fix is that when you print the search terms, you have to sanitize them with esc_html(), e.g.:



esc_html( get_search_query( false ) );

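The fix from the reply above, shown next to the unescaped version, as an added example that is not part of the original posts or the plugin's code. The `demo_*` functions and the sample keyword are hypothetical; the `esc_html()`/`esc_attr()` shims only approximate the WordPress functions so the file runs from the PHP CLI, and the `esc_attr()` case goes one step beyond the thread to cover the keyword being written back into the search box.

```php
<?php
// Added example, not the plugin's code. Inside WordPress, esc_html() and
// esc_attr() already exist; these shims are approximations so the file
// also runs stand-alone from the PHP CLI.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Hypothetical helper: read the keyword from the request as a plain string.
function demo_get_keyword( array $query ) {
    $raw = isset( $query['skeyword'] ) ? $query['skeyword'] : '';
    // ?skeyword[]=x arrives as an array; treat it as empty rather than printing "Array".
    return is_string( $raw ) ? $raw : '';
}

// Before: keyword concatenated into the page as-is (the behaviour reported in the thread).
function demo_heading_unescaped( $keyword ) {
    return '<h2>Search results for: ' . $keyword . '</h2>';
}

// After: escaped at the point of output, as the reply recommends.
function demo_heading_escaped( $keyword ) {
    return '<h2>Search results for: ' . esc_html( $keyword ) . '</h2>';
}

// Same rule when the keyword is written back into the search box (attribute context).
function demo_input_escaped( $keyword ) {
    return '<input type="text" name="skeyword" value="' . esc_attr( $keyword ) . '">';
}

// Constructed sample input containing a quote and markup.
$keyword = demo_get_keyword( array( 'skeyword' => '"><em>kw</em>' ) );

echo demo_heading_unescaped( $keyword ), "\n"; // markup reaches the browser intact
echo demo_heading_escaped( $keyword ), "\n";   // markup is rendered as visible text
echo demo_input_escaped( $keyword ), "\n";     // quote cannot close the value attribute
```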