This host is running WordPress with Pretty Link Lite plugin and is prone to sql injection and cross site scripting vulnerabilities.

Successful exploitation will allow remote attackers to cause SQL Injection attack and gain sensitive information or insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Upgrade to Pretty Link Lite Plugin version 1.5.4 or later, For updates refer to http://wordpress.org/extend/plugins/pretty-link/

The flaws are due to improper validation of user-supplied input to, - 'url' parameter to pretty-bar.php script and 'k' parameter to rli-bookmarklet.php script. - 'page' parameter to '/wp-admin/admin.php', which allows attacker to manipulate SQL queries by injecting arbitrary SQL code.

WordPress Pretty Link Lite Plugin version 1.5.2 and prior

• http://packetstormsecurity.org/files/112693/wpprettylinklite-sqlxss.txt
• http://secunia.com/advisories/47121
• http://www.securelist.com/en/advisories/47121
• http://xforce.iss.net/xforce/xfdb/75630

---

Updated on 2015-03-25