Summary
This host is installed with WordPress EnvialoSimple Plugin and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version 1.98 or higher,
For updates refer to http://wordpress.org/plugins/envialosimple-email-marketing-y-newsletters-gratis
Insight
Flaw is due to the paginas/vista-previa-form.php script does not validate input to the 'FormID' and 'AdministratorID' GET parameters before returning to the users.
Affected
WordPress EnvialoSimple: Email Marketing and Newsletters Plugin version 1.97, and possibly prior.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-4527 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities