Description

Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.

Remediation

References

CVE-2007-6677

Related Vulnerabilities

YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-14642)

WordPress Plugin Microblog Poster SQL Injection (1.6.1)

MySQL CVE-2014-0412 Vulnerability (CVE-2014-0412)

Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)

Severity

Medium

Classification

CVE-2007-6677 CWE-707

Tags

Missing Update Known Vulnerabilities