Summary
This host has the WordPress Universal Post Manager Plugin installed and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version 1.1.1 or later.
For updates refer to http://wordpress.org/extend/plugins/universal-post-manager
Insight
The flaws are due to improper validation of the 'num' parameter in '/wp-content/plugins/universal-post-manager/template/email_screen_1.php' and '/wp-content/plugins/universal-post-manager/template/email_screen_2.php', and of the 'number' parameter in '/wp-content/plugins/universal-post-manager/template/bookmarks_slider_h.php'. This input is not properly sanitized before being returned to the user.
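One way to review web server access logs for requests that reach the three scripts named above with a non-numeric value in the affected parameter. This is an added example, not part of the original advisory or the plugin's code; the combined log format, the sample log lines, the function name `suspicious_requests` and the premise that legitimate 'num' / 'number' values are plain integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

BASE = "/wp-content/plugins/universal-post-manager/template/"

# Script -> affected parameter, as listed in the advisory.
WATCHED = {
    BASE + "email_screen_1.php": "num",
    BASE + "email_screen_2.php": "num",
    BASE + "bookmarks_slider_h.php": "number",
}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate values for these parameters are short ASCII integers.
NUMERIC_RE = re.compile(r"[0-9]{1,9}")


def suspicious_requests(log_lines):
    """Return (path, param, decoded_value) for watched parameters that are not integers."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        param = WATCHED.get(url.path)
        if param is None:
            continue
        # parse_qs percent-decodes values; keep blank values so "num=" is reported too.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not NUMERIC_RE.fullmatch(value):
                hits.append((url.path, param, value))
    return hits


# Constructed sample log lines (not real traffic).
PREFIX = '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + BASE + 'email_screen_1.php?num=3 HTTP/1.1" 200 512',
    PREFIX + BASE + 'email_screen_2.php?num=%22%3E%3Cb%3Etest HTTP/1.1" 200 540',
    PREFIX + BASE + 'bookmarks_slider_h.php?number=5&x=1 HTTP/1.1" 200 300',
    PREFIX + BASE + 'bookmarks_slider_h.php?number=1%3Cb%3E HTTP/1.1" 200 310',
    PREFIX + '/index.php?num=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for path, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{path} {param}={value!r}")
```

Hits on a host still running version 1.0.9 are a prompt to apply the upgrade listed under Solution; the check only sees parameters carried in the query string.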
Affected
WordPress Universal Post Manager Plugin Version 1.0.9
Severity
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N