CVE-2022-3484: The WPB Show Core WordPress plugin, through an unspecified version (the advisory text still reads "through TODO", an unfilled version placeholder), does not sanitise and escape a request parameter before echoing it back into the page, which can lead to Reflected Cross-Site Scripting.

What is Cross-Site Scripting?

Cross-Site Scripting (XSS) is a web application vulnerability in which attacker-controlled input is written into a page without being sanitised and escaped for the context it lands in, so the victim's browser runs it as script with the privileges of whoever is logged in on that site. In a reflected XSS issue such as CVE-2022-3484, the payload travels in a request parameter and is echoed straight back in the response, so the attacker has to lure the victim (for a WordPress plugin, typically an administrator) into opening a crafted link. In a stored XSS issue the payload is saved first, for example in a comment, and is served to every visitor of the affected page. The WPBakery Safe Draggable Comments setting described under Dashboard Settings below addresses that second case, comment output, not a reflected parameter.
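As an added example (not code from the WPB Show Core plugin, from WPBakery, or from the advisory), here is the pattern behind a reflected XSS in a WordPress plugin next to its hardened form. The shortcode names, the parameter name `q` and the surrounding markup are assumptions for illustration; the advisory does not name the affected parameter.

```php
<?php
/**
 * Added example, not code from the WPB Show Core or WPBakery plugins.
 * Registers two shortcodes that echo a request parameter back into the page.
 * The parameter name "q" and the shortcode names are assumptions; the
 * advisory does not name the affected parameter.
 */

// VULNERABLE: the raw query-string value is concatenated into HTML.
// A link such as /?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E
// makes the browser of whoever opens the page execute the attacker's script.
function xss_demo_vulnerable_shortcode() {
    $q = isset( $_GET['q'] ) ? $_GET['q'] : '';
    return '<div class="search-term">You searched for: ' . $q . '</div>';
}
add_shortcode( 'xss_demo_vulnerable', 'xss_demo_vulnerable_shortcode' );

// FIXED: sanitise on input and escape on output for the context the value
// lands in. esc_html() for element text, esc_attr() for attribute values,
// esc_url() for href/src; the right escaper depends on where the data goes.
function xss_demo_fixed_shortcode() {
    $q = '';
    if ( isset( $_GET['q'] ) ) {
        // wp_unslash() undoes the slashes WordPress adds to request data;
        // sanitize_text_field() strips tags, invalid octets and line breaks.
        // Sanitising alone is not enough: the output is still escaped below.
        $q = sanitize_text_field( wp_unslash( $_GET['q'] ) );
    }
    return sprintf(
        '<div class="search-term" data-term="%s">You searched for: %s</div>',
        esc_attr( $q ),
        esc_html( $q )
    );
}
add_shortcode( 'xss_demo_fixed', 'xss_demo_fixed_shortcode' );
```

Drop the file into wp-content/mu-plugins/ on a test site, put [xss_demo_vulnerable] and [xss_demo_fixed] on a page, and open it with ?q=<script>alert(1)</script>: the first shortcode runs the script, the second renders it as literal text. A quick check against any plugin is to send a unique canary such as xss1234"'<> in each parameter and search the response body for it unencoded.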

WPBakery Visual Composer - Dashboard Settings

The WPBakery Visual Composer plugin has a setting called WPBakery Safe Draggable Comments that sanitises and escapes user input before it is output in a comment, which helps prevent stored Cross-Site Scripting through comments.
To enable it, go to Settings > WPBakery Visual Composer > Comment Options and choose "Sanitise and Escape Output For All Posts" from the drop-down menu.
Note that this setting only covers comment output. A reflected XSS issue such as CVE-2022-3484, where the unescaped output is a request parameter handled by the WPB Show Core plugin, is not addressed by it; that needs a fixed release of the plugin from its author. Until one is available, avoid following untrusted links while logged in as an administrator, and where the theme allows it deploy a Content-Security-Policy that blocks inline scripts, which limits what a reflected payload can do.
