Summary
This host is running the WordPress Slideshow Plugin, which is prone to cross-site scripting and full path disclosure vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to obtain sensitive information such as the installation path.
Impact Level: Application
Solution
No solution or patch has been made available for at least one year since disclosure of this vulnerability; it is likely that none will be provided.
General solution options are to upgrade to a newer release, disable the affected features, remove the product, or replace it with another product.
Insight
- Input passed via the 'randomId', 'slides' and 'settings' parameters to views/SlideshowPlugin/slideshow.php, and via the 'settings' and 'inputFields' parameters to views/SlideshowPluginPostType/settings.php and views/SlideshowPluginPostType/style-settings.php, is not properly sanitised before being returned to the user.
- Direct requests to multiple '.php' files reveal the full installation path.
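The two weaknesses above follow a common pattern in WordPress plugin view files: the file echoes request input straight into markup, and it can be requested directly by URL without WordPress having loaded, so any call to a WordPress function fails with a PHP error that prints the absolute file path. The following snippet is an added, constructed illustration of the vulnerable shape beside the hardened one; it is not the plugin's own code, and the variable flow around the 'randomId' and 'settings' parameters named in the advisory is assumed for the example.

```php
<?php
// Constructed example (not from the Slideshow Plugin): a plugin view file
// showing the two weaknesses described in the advisory and their fixes.

// Fix for full path disclosure: abort when this file is requested directly.
// Outside the WordPress bootstrap, ABSPATH is undefined and any WordPress
// function call below would raise a fatal error whose message includes the
// absolute path of this file whenever display_errors is enabled.
if (!defined('ABSPATH')) {
    exit; // a direct request now yields an empty response instead of an error
}

// Assumed input flow for the example: parameter names come from the advisory,
// the way they reach this file is constructed.
$randomId = isset($_GET['randomId']) ? (string) $_GET['randomId'] : '';
$settings = isset($_GET['settings']) && is_array($_GET['settings']) ? $_GET['settings'] : array();

// Vulnerable pattern (shown commented out): the raw value is placed inside an
// HTML attribute. A value containing a double quote closes the attribute and
// lets the rest of the input be interpreted as markup.
// echo '<div id="slideshow-' . $randomId . '">';

// Hardened pattern: first constrain the value to the shape the template
// actually needs (an identifier), then escape for the attribute context.
// esc_attr() is the WordPress helper; htmlspecialchars($v, ENT_QUOTES, 'UTF-8')
// is the plain-PHP equivalent.
$randomId = preg_replace('/[^A-Za-z0-9_-]/', '', $randomId);
echo '<div id="slideshow-' . esc_attr($randomId) . '">';

// Array-valued settings get the same treatment per element; only keys the
// template knows about are emitted, and each value is escaped for the
// context it lands in (attribute here).
$allowedKeys = array('width', 'height', 'transition');
foreach ($allowedKeys as $key) {
    if (!isset($settings[$key])) {
        continue;
    }
    echo '<input type="hidden" name="settings[' . esc_attr($key) . ']" value="'
        . esc_attr((string) $settings[$key]) . '">';
}

echo '</div>';
```

The ABSPATH guard is the standard WordPress idiom for this class of file and removes the disclosure even when errors are displayed; on a production site, `display_errors` should additionally be off (in WordPress, `WP_DEBUG_DISPLAY` set to false) so that any remaining PHP warning is logged rather than sent to the client. Output escaping must be chosen per context: `esc_attr()` for attribute values, `esc_html()` for text nodes, and `esc_js()` for data embedded in inline scripts.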
Affected
WordPress Slideshow Plugin version 2.1.12
Severity
CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)