This thread is over two years old and may be outdated. Please create a new thread if you need help, or email us if you have an active Premium license.

Script tags allowed in editor widget

Open 1 reply bug-reportthemetheme-vantage
Raja Mohammed
8 years ago · Last reply by Alex S 8 years ago

I have been playing around with Siteorigin and found that the text editor allows script tags which in most case is a vulnerability. the scripts is also not stripped off in WP main editor as well. !
Version 2.6.0
widget 1.11.2
Theme vantage

After reading through the forum it seems siteorigin allowed it intentionally but what kind of security has been done ? .

This is our free support forum. Replies can take several days.

Need fast email support? Get SiteOrigin Premium

Replies

1
  1. Alex S Staff 8 years, 1 month ago

    Hi Raja,

    Only users with the correct permission (specifically unfiltered_html) are able to add script tags via WordPress (regardless of SiteOrigin Page Builder or not). This is a standard WordPress capability and should only be given to users who need such permissions (which are typically admin users).

Replies on this thread are closed.

Please create a new thread if you have a question, or purchase a SiteOrigin Premium license if you need one-on-one email support.

Have a different question or issue?

Start New Thread