New Blog Templates

Allows the site admin to create new blogs based on templates, to speed up the blog creation process

No issues found

Confidence: Medium. This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe.

Findings

  • Does not escape all HTML (for example the Template Name field) (capability required appears to be manage_network)
  • For some reason it attempts to strip SCRIPT tags out of template and category descriptions with regular expressions (blogtemplatesfiles/admin/categories_menu.php line 138, blogtemplatesfiles/admin/main_menu.php line 417). It doesn't work because you can just use `<img onerror="alert(3)" src="">` instead. It's unclear what it's attempting to prevent
  • No other issues found
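
The second finding, as an added illustration (not the plugin's code): the regular expression below is a hypothetical stand-in for a "strip SCRIPT tags" filter, compared with escaping the value on output. The function names and sample descriptions are constructed for this example.

```php
<?php
// Added illustration; not taken from the plugin. The pattern is a
// hypothetical stand-in for a regex that strips SCRIPT tags.
function strip_script_tags(string $html): string
{
    return preg_replace('#<script\b[^>]*>.*?</script>#is', '', $html);
}

// Output escaping: every character of the value is rendered as text,
// so no tag or attribute in it can reach the HTML parser.
function escape_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when a raw "<" remains, i.e. the browser would still parse markup.
function markup_survives(string $output): bool
{
    return strpos($output, '<') !== false;
}

// Constructed sample descriptions; the last one is the value from the finding.
$samples = [
    'A plain text description',
    '<script>alert(1)</script>',
    '<img onerror="alert(3)" src="">',
];

foreach ($samples as $input) {
    $stripped = strip_script_tags($input);
    $escaped  = escape_for_html($input);

    printf("input:    %s\n", $input);
    printf("stripped: %s [markup survives: %s]\n",
        $stripped, markup_survives($stripped) ? 'yes' : 'no');
    printf("escaped:  %s [markup survives: %s]\n\n",
        $escaped, markup_survives($escaped) ? 'yes' : 'no');
}
```

In WordPress code the equivalent output functions are `esc_html()` and `esc_attr()`, with `wp_kses()` for fields that are meant to accept a limited set of tags.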

We conduct these inspections for our own use, and publish them in the hope that they may be useful to others. We don't guarantee that these findings are correct.

Please read this site's terms of service before taking any action based on information published here.

Testers
Tom Adams
Last revised
June 20, 2017
Versions tested
2.8.3
Plugin homepage
New Blog Templates
Other versions

None listed