Description
WordPress Plugin WP Symposium is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin WP Symposium version 14.10 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 14.11 or latest
References
http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html
http://www.exploit-db.com/exploits/35505/
Related Vulnerabilities
Caddy Web Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
OpenSSL Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2023-0286)
WordPress Plugin Social Review includes Backdoor [Only if downloaded via the vendor website] (1.0.8)
WordPress 4.5.x Arbitrary File Deletion Vulnerability (4.5 - 4.5.14)
WordPress Plugin Cool Video Gallery Cross-Site Request Forgery (1.8)