WordPress Plugin CformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities Network Vulnerability

Summary

This host is running cformsII WordPress Plugin and is prone to multiple HTML injection vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary code in the context of the application. Impact Level: Application

Solution

Upgrade to cforms Version 11.6.1 or later. For updates refer to http://www.deliciousdays.com/cforms-plugin/

Insight

The flaws are caused by improper validation of user-supplied input passed via the 'rs' and 'rsargs' parameters to wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute arbitrary HTML and script code on the web server.

Affected

WordPress plugin cforms Version 11.5 and earlier.

References

http://secunia.com/advisories/42006
http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/
http://xforce.iss.net/xforce/xfdb/62938

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3977
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Allaire JRun directory browsing vulnerability
123 Flash Chat Multiple Security Vulnerabilities

WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities

Take action and discover your vulnerabilities