This host is installed with WordPress Spreadsheet plugin and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer http://timrohrer.com/blog/?page_id=71

Input passed via the 'ss_id' parameter to wpSS/ss_handler.php script is not validated before returning it to users.

WordPress Spreadsheet plugin version 0.62

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://packetstormsecurity.com/files/127770
• http://www.osvdb.com/109879
• http://www.osvdb.com/109880

---

Updated on 2015-03-25