Headline
CVE-2022-29413: Hermit 音乐播放器
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit ??? plugin <= 3.1.6 on WordPress via &title parameter.
- Details
- Reviews
- Support
- Development
This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a full review.
知道该插件已经是好几年前了,之后很少有机会在网上写博客了,所以可能就不会再用到这个插件了,直到前几天又要做个小东西,我想到了这个插件,发现作者还在更新,百感交集,先不谈插件好不好,单单作者这份坚持和用心,就已经打动了我,当然,作者写的插件易用小巧,适用多环境下,这也是我第一次给WordPress widget评价,对作者的坚持表示敬佩和感谢。 PS:如果能支持一下微信小程序就更好了,现在我是通过Webview来使用的,经过简单的模板适配,依然适用!
用了两年了,作者一直有在不断更新!这是目前能用的到的最简洁、美观、实用的音乐播放插件,支持网易和虾米。虽然还有一部分音乐版权在QQ音乐手上,但是已经知足了,毕竟同类可以调用三者的插件UI简直辣眼睛。
Read all 4 reviews
“Hermit 音乐播放器” is open source software. The following people have contributed to this plugin.
Contributors
- mu feng