This host is installed with Wordpress Social Connect Plugin and is prone to cross site scripting vulnerability.

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Upgrade to latest version of WordPress Social Connect plugin. For updates refer to http://wordpress.org/plugins/social-connect

Input passed via the 'testing' parameter to /social-connect/diagnostics/test.php script is not properly sanitised before being returned to the user.

WordPress Social Connect plugin version 1.0.4 and earlier.

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://codevigilant.com/disclosure/wp-plugin-social-connect-a3-cross-site-scripting-xss/
• http://www.osvdb.com/102411

---

Updated on 2015-03-25