Summary
This host is installed with WordPress SI CAPTCHA Anti-Spam Plugin and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available.
For updates refer to http://wordpress.org/plugins/si-captcha-for-wordpress
Insight
Input passed to si-captcha-for-wordpress/captcha-secureimage/test/index.php script via the URL is not validated before returning it to users.
Affected
WordPress SI CAPTCHA Anti-Spam plugin version 2.7.4
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-5190 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability