Researchers claim five plugins use function insecurely – but some maintainers disagree
UPDATED A hugely popular GDPR compliance plugin for WordPress contained an authenticated, persistent cross-site scripting (XSS) vulnerability related to the insecure use of PHP’s function, according to security researchers.
As a result, the CookieYes GDPR Cookie Consent & Compliance Notice plugin, which has more than one million active installations, no longer uses the function in the shortcodes module, as per a software update released today (September…
More Info
