Improve Registration form security EE4

Posted: November 17, 2014 at 3:47 pm

November 17, 2014 at 3:47 pm

Wordpress v4.0 EE4
I have been involved in a security review of the site that I am using Event Espresso on and have been made aware that the Registration form will actually accept <script> as a valid entry. Is there a way to make this more secure so that it won’t accept possibly malicious content?

Josh

Support Staff

November 17, 2014 at 5:00 pm

Hi Adele,

The registration form inputs get completely sanitized so if someone tries to inject a script on a registration form page, their nasty script tags get stripped out.

If you are seeing something else, please by all means outline how to reproduce the issue on our private submit a security vulnerability form and we can investigate.

The support post ‘Improve Registration form security EE4’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.



Event Espresso Premium
Attendee Mover Add-on
Automated Event Notifications Add-on
Events Calendar Add-on
MailChimp Integration
Multiple Event Registration Add-on
Printable Tickets Add-on
Wait List Manager Add-on
WordPress User Integration

Support

Improve Registration form security EE4

Topic Tags

Notifications