Summary
This host is installed with Wordpress AnyFont Plugin and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will updated once the solution details are available.
For updates refer to http://www.wordpress.org/plugins
Insight
Input passed via the 'text' HTTP GET parameter to mce_anyfont/dialog.php script is not properly sanitised before returning to the user.
Affected
WordPress AnyFont plugin version 2.2.3 and earlier.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-4515 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability
- aeNovo Database Content Disclosure Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities