Security Issue In Masonry Plugin

Home Forums Lite Version Security Issue In Masonry Plugin

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • July 6, 2015 at 4:23 pm #6048 Reply
    J.G.
    Guest

    FYI: You are making calls directly to URL’s in the wp-admin directory from your plugin. This is considered by many to be a poor security practice and can cause problems on WordPress sites with some security configurations. For example, your plugin doesn’t work in my site because I have additional security on that directory.

    The specific call is to
    http://[site]/wp-admin/admin-ajax.php?action=wml_load_posts&shortcodeId=2&pageNumber=1&randSeed=xxxxxxxx

    And results in a “Failed to load resource: the server responded with a status of 401 (Unauthorized)” error if there is security on that directory.

    July 7, 2015 at 6:54 pm #6064 Reply
    Masonry Guy
    Keymaster

    Hi JG,

    Thank you so much for pointing out this. I will check into this in details.

    Do you have any suggestion as a solution ? I can see that most of the plugin use this method and even wordpress has documented this for ajax call.

    Thanks

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
Reply To: Security Issue In Masonry Plugin
Your information: