Summary
This host has the WordPress Universal Post Manager Plugin installed and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version 1.1.1 or later.
For updates refer to http://wordpress.org/extend/plugins/universal-post-manager
Insight
The flaws are due to input validation errors in the 'num' parameter of '/wp-content/plugins/universal-post-manager/template/email_screen_1.php' and '/wp-content/plugins/universal-post-manager/template/email_screen_2.php', and in the 'number' parameter of '/wp-content/plugins/universal-post-manager/template/bookmarks_slider_h.php'. These parameters are not properly sanitized before being returned to the user.
Affected
WordPress Universal Post Manager Plugin Version 1.0.9
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N