Summary
This host is installed with Wordpress WP-Members Plugin and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version Wordpress WP-Members Plugin 2.8.10 or later, For updates refer to http://wordpress.org/plugins/wp-members
Insight
Flaws are due to input sanitation errors in multiple GET and POST parameter.
Affected
Wordpress WP-Members Plugin version 2.8.9, Other versions may also be affected.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Archiva Cross Site Request Forgery Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Admidio get_file.php Remote File Disclosure Vulnerability
- Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability