WordPress Rokbox Plugin Multiple Vulnerabilities

Summary
The WordPress Rokbox Plugin is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and to obtain sensitive information such as the installation path.
Impact Level: Application
Solution
Upgrade to WordPress Rokbox Plugin version 2.1.3. For updates, refer to http://www.rockettheme.com/wordpress-downloads/plugins/free/2625-rokbox
Insight
The flaws are due to improper validation of user-supplied input to the 'src' parameter in 'thumb.php' and the 'aboutlink', 'file' and 'config' parameters in 'jwplayer.swf'.
Affected
WordPress Rokbox Plugin versions using TimThumb 1.16 and JW Player 4.4.198
References