WordPress Slideshow Plugin Multiple Vulnerabilities

Summary
This host is running the WordPress Slideshow plugin and is prone to cross-site scripting and full path disclosure vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site, and to obtain sensitive information such as the installation path.
Impact Level: Application
Solution
No solution or patch was made available for at least one year after disclosure of this vulnerability, and it is unlikely that one will be provided. General options are to upgrade to a newer release, disable the affected features, remove the product, or replace it with another one.
Insight
- Input passed via the 'randomId', 'slides' and 'settings' parameters to views/SlideshowPlugin/slideshow.php, and via the 'settings' and 'inputFields' parameters to views/SlideshowPluginPostType/settings.php and views/SlideshowPluginPostType/style-settings.php, is not properly sanitised before being returned to the user (reflected cross-site scripting).
- A direct request to several of the plugin's '.php' files reveals the full installation path.
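The following is an added illustrative example, not code from the Slideshow plugin. It models a hypothetical view file (slideshow-view.php) that echoes the 'randomId' request parameter named above; the function names, markup and payload are assumptions. It shows the unsanitised echo beside its escaped form, and the load guard that prevents a direct request to a view file from erroring out and printing its absolute path.

```php
<?php
/*
 * Added illustrative example, not the Slideshow plugin's own code.
 * Hypothetical view file; only the parameter name 'randomId' comes from
 * the advisory, everything else is assumed for demonstration.
 */

/* Full path disclosure.  A view file fetched directly by URL runs outside
 * WordPress, so the first call to a WordPress function is a fatal error,
 * and with display_errors enabled PHP prints the file's absolute path in
 * that error message.  Refusing to run unless WordPress loaded the file
 * (ABSPATH is defined by wp-load.php) removes that code path entirely;
 * setting display_errors=Off in production is the server-side backstop. */
if ( ! defined( 'ABSPATH' ) ) {
    exit; // direct request: stop before anything can fail and leak the path
}

/* Reflected cross-site scripting, vulnerable pattern: request input is
 * concatenated into markup unescaped, i.e. "not properly sanitised before
 * being returned to the user". */
function render_slideshow_unsafe( string $randomId ): string {
    return '<div id="slideshow_' . $randomId . '" class="slideshow"></div>';
}

/* Hardened form: escape for the HTML attribute context.  WordPress code
 * would call esc_attr(); htmlspecialchars() with ENT_QUOTES is the
 * stand-alone equivalent and encodes the double quote a payload needs in
 * order to break out of the attribute. */
function render_slideshow_safe( string $randomId ): string {
    $id = htmlspecialchars( $randomId, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    return '<div id="slideshow_' . $id . '" class="slideshow"></div>';
}

/* Constructed payload (assumed, for demonstration): closes the id
 * attribute, then injects an element carrying an event handler.  When a
 * real randomId query parameter is present it is used instead. */
$payload = isset( $_GET['randomId'] )
    ? (string) $_GET['randomId']
    : '"><img src=x onerror=alert(document.domain)>';

echo "Unsafe: " . render_slideshow_unsafe( $payload ) . "\n";
echo "Safe:   " . render_slideshow_safe( $payload ) . "\n";
```

Running `php slideshow-view.php` directly produces no output, because the file exits at the ABSPATH guard; that is the direct-request case the guard exists for. To stand in for WordPress loading the file, run `php -r 'define("ABSPATH", "/tmp/"); require "slideshow-view.php";'`: the first line prints the payload intact inside the markup, the second prints it with the quote and angle brackets encoded so it stays inside the attribute value.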
Affected
WordPress Slideshow Plugin version 2.1.12
References