![]() If there’s none, it will restrict the access by default to users who can edit posts, a capability available to low-privileged users such as contributors. It expects an optional user capability as an argument. This tab, as well as the third one, “Sytem Status”, are loaded by calling the addSubmenuPage method from the “visualcomposer/visualcomposer/Modules/Settings/Traits/SubMenu.php” script: protected function addSubmenuPage($page, $parentSlug = 'vcv-settings') ![]() Among the three available tabs, “CSS, HTML & JavaScript”, which is accessible at “/wp-admin/admin.php?page=vcv-global-css-js”, allows to inject CSS, JavaScript or HTML code into every page’s header and/or footer: The administrator can configure the plugin from its “Settings” page in the backend. The WordPress Visual Composer plugin (80,000+ active installations) fixed multiple authenticated stored XSS vulnerabilities.Īffected versions are 25.0 and below and, to some extend, version 26.0 (see Timeline below for more details).
0 Comments
Leave a Reply. |