Summary
The host is running WordPress Register Plus Redux Plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site or obtain sensitive information.
Impact Level: Application
Solution
Upgrade to WordPress Register Plus Redux Plugin version 3.8 or later, For updates refer to http://wordpress.org/extend/plugins/register-plus-redux/
Insight
The flaws are due to,
- Improper validation of input passed to 'wp-login.php' script (when 'action' is set to 'register').
- A direct request to 'dashboard_invitation_tracking_widget.php' and 'register-plus-redux.php' allows remote attackers to obtain installation path in error message.
Affected
WordPress Register Plus Redux Plugin 3.7.3.1 and prior.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- 123 Flash Chat Multiple Security Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability