Summary
This host has the WordPress WP Photo Album Plus plugin installed and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
Impact Level: Application
Solution
Upgrade to WordPress WP Photo Album Plus Plugin version 4.8.12 or later. For updates, refer to http://wordpress.org/plugins/wp-photo-album-plus/
Insight
Input passed via the 'wppa-searchstring' parameter to index.php (when page_id is set to the Search Photos page) is not properly sanitised before it is returned to the user.
Affected
WordPress WP Photo Album Plus Plugin version 4.8.11 and prior
Severity
Classification
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N