Summary
This host is installed with WordPress CartPress plugin and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to WordPress CartPress Plugin 1.1.7 or higher, For updates refer to http://wordpress.org/extend/plugins/thecartpress/download/
Insight
The flaw is due to an input validation error in the 'tcp_post_ids[]' parameter in '/wp-content/plugins/thecartpress/admin/OptionsPostsList.php' when processing user-supplied data.
Affected
WordPress CartPress Plugin version 1.1.6 and prior.
References
Updated on 2015-03-25