WordPress NewsLetter Plugin Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running WordPress with NewsLetter plugin and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Wordpress Newsletter Plugin version 3.2.7 or later, For updates refer to http://wordpress.org/extend/plugins/newsletter

Insight

The input passed via 'alert' parameters to '/wp-content/plugins/newsletter/subscription/page.php' script is not properly sanitised before being returned to the user.

Affected

Wordpress Newsletter Plugin 3.2.6 and prior

References

http://cxsecurity.com/issue/WLB-2013050125
http://packetstormsecurity.com/files/121634
http://secunia.com/advisories/53398
http://www.osvdb.com/93421

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability

Take action and discover your vulnerabilities