Summary
This host has the WordPress WP Photo Album Plus Plugin installed and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
Impact Level: Application
Solution
Upgrade to WordPress WP Photo Album Plus Plugin version 4.8.12 or later. For updates, refer to http://wordpress.org/plugins/wp-photo-album-plus/
Insight
Input passed via the 'wppa-searchstring' parameter to index.php (when page_id is set to the Search Photos page) is not properly sanitised before it is returned to the user.
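Web access logs can be reviewed for requests that placed markup characters in this parameter, for example to triage a site that ran an affected version. The following is an added example, not part of the original advisory or the plugin's code; the log lines, the page_id value and the function names are constructed for illustration, and it only sees values sent in the query string.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

PARAM = "wppa-searchstring"
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to open a tag or break out of a double-quoted attribute.
# Triage heuristic: a photo search term has no legitimate use for them.
MARKUP = re.compile(r'[<>"]')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_searches(log_lines):
    """Return (line_number, decoded_value) for each search string carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for raw in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

# Constructed sample entries (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Aug/2013:10:01:02 +0000] "GET /index.php?page_id=5&wppa-searchstring=sunset+beach HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Aug/2013:10:03:40 +0000] "GET /index.php?page_id=5&wppa-searchstring=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5171',
    '198.51.100.7 - - [12/Aug/2013:10:04:11 +0000] "GET /?s=a%3Cb HTTP/1.1" 200 4301',
    '203.0.113.9 - - [12/Aug/2013:10:05:17 +0000] "GET /index.php?page_id=5&wppa-searchstring=%253Ci%253Ex HTTP/1.1" 200 5166',
]

if __name__ == "__main__":
    for number, value in suspicious_searches(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

A hit shows that markup was submitted, not that it was rendered; whether the response echoed it unencoded depends on the plugin version that served the request.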
Affected
WordPress WP Photo Album Plus Plugin version 4.8.11 and prior
Severity
Classification
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N