It is designed to take information from the URL and append it into the content of the page using a simple shortcode.
Example of URL string: /?keyword=This is a test
Example of plugin shortcode: [dki]
Using the above I can use the URL to dictate content on the page:
Notice 'This is a test' is now appended as a paragraph on the page.
Unfortunately, this also opens up an XSS attack vector:
Looks like the plugin has no inbuilt data sanitising.
I'm looking for a developer that can quickly roll out a fix for the plugin and provide detailed notes on how to replicate their fix on a third-party site.
The plugin has been uploaded as part of this job. Additionally, I can give FTP/user details for the above test site.
Daniel T. 100% (7)
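The flaw described in the job post and the shape of a fix, as an added example: this is not the code of the plugin attached to the job, which is not shown on this page. The function names, the `default` shortcode attribute and the 100-character cap are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: DKI shortcode (illustrative sketch)
 * Hypothetical reconstruction; not the code of the plugin attached to this job.
 */

// BEFORE (assumed shape of the flaw): the raw query value is returned as HTML,
// so any markup placed in ?keyword= is rendered by the visitor's browser.
// Shown for comparison only; it is never registered below.
function dki_shortcode_unsafe() {
    $keyword = isset( $_GET['keyword'] ) ? $_GET['keyword'] : '';
    return '<p>' . $keyword . '</p>';
}

// AFTER: normalise the value on input, escape it on output.
function dki_shortcode_safe( $atts ) {
    // 'default' is a hypothetical attribute: [dki default="fallback text"].
    $atts    = shortcode_atts( array( 'default' => '' ), $atts, 'dki' );
    $keyword = $atts['default'];

    // Accept only a plain string; ?keyword[]=x arrives as an array and is ignored.
    if ( isset( $_GET['keyword'] ) && is_string( $_GET['keyword'] ) ) {
        // wp_unslash() removes the slashes WordPress adds to superglobals;
        // sanitize_text_field() strips tags, line breaks and extra whitespace.
        $keyword = sanitize_text_field( wp_unslash( $_GET['keyword'] ) );

        // Assumed limit, so a long URL cannot place unbounded text on the page.
        $keyword = mb_substr( $keyword, 0, 100 );
    }

    if ( '' === $keyword ) {
        return '';
    }

    // esc_html() encodes <, >, & and quotes for an HTML text context. This is
    // the step that stops the value from being parsed as markup.
    return '<p>' . esc_html( $keyword ) . '</p>';
}

// Only the hardened handler is registered for [dki].
add_shortcode( 'dki', 'dki_shortcode_safe' );
```

If the value is ever written into an HTML attribute or a URL rather than paragraph text, the output escaper changes to `esc_attr()` or `esc_url()` respectively.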
Clarification Board
Dan, could you please share your website link?
Daniel T. 27 Sep 2018
Hi Henry, it's http://dtodd.uk/.
As mentioned you can test the functionality with this code:
I can also provide logins.
Henry C. 27 Sep 2018
Please share the login details as well.