CVE-2022-3484 The WPB Show Core plugin through TODO does not sanitise and escape a parameter, which can lead to Reflected Cross-Site Scripting.
What is Cross-Site Scripting?
Cross-Site Scripting (XSS) is a type of computer security vulnerability in which malicious users might inject malicious code into the comments. The WPBakery Visual Composer plugin, however, has an additional setting that can be enabled to sanitise and escape the output of a posted comment before it is sent back to the user. This setting is called WPBakery Safe Draggable Comments and can be enabled by going to Settings > WPBakery Visual Composer > Comment Options. With this setting enabled, any user input is sanitised and escaped before being output in a comment, which helps to prevent Cross-Site Scripting issues when posting comments.
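The sanitise-then-escape pattern described above, as an added example that is not code from this page or from the plugin: the `show_id` parameter, the markup and the function names are hypothetical, and plain PHP's `htmlspecialchars()` stands in for WordPress's `esc_attr()` and `esc_html()` so the block runs without WordPress. It shows that sanitising alone leaves a quote character that still closes the attribute, which is why output is also escaped.

```php
<?php
// Added example: hypothetical handler, not WPB Show Core code.
// The parameter name "show_id" and the markup are assumptions.

// Vulnerable: the request value is concatenated into HTML unchanged.
function render_vulnerable(array $query): string
{
    $id = $query['show_id'] ?? '';
    return '<input type="text" name="show_id" value="' . $id . '">'
         . '<p>Results for ' . $id . '</p>';
}

// Sanitise on input: keep only what the field legitimately contains.
function sanitise_show_id(string $raw): string
{
    // Strip tags and control characters, trim, cap the length.
    $clean = strip_tags($raw);
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $clean) ?? '';
    return substr(trim($clean), 0, 64);
}

// Escape on output: encode for the HTML context at the point of use.
// In WordPress, esc_attr() and esc_html() fill this role.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_hardened(array $query): string
{
    $raw = $query['show_id'] ?? '';
    // Reject non-string input such as show_id[]=... before sanitising.
    $id  = sanitise_show_id(is_string($raw) ? $raw : '');
    return '<input type="text" name="show_id" value="' . escape_html($id) . '">'
         . '<p>Results for ' . escape_html($id) . '</p>';
}

// Constructed input: a value that tries to close the value="" attribute.
$query = ['show_id' => '12"><b onmouseover=x>'];

// After strip_tags() the value is still 12"> ; escaping turns it into
// 12&quot;&gt; so the browser treats it as text, not markup.
echo render_vulnerable($query), PHP_EOL;
echo render_hardened($query), PHP_EOL;
```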
WPBakery Visual Composer - Dashboard Settings
The WPBakery Visual Composer plugin has a setting called WPBakery Safe Draggable Comments. This setting can be enabled to help prevent Cross-Site Scripting issues when posting comments.
To enable this setting, go to Settings > WPBakery Visual Composer > Comment Options. From the drop-down menu, select the option "Sanitise and Escape Output For All Posts."
Timeline
Published on: 11/14/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:06:00 UTC