WordPress Traffic Analyzer Plugin XSS Vulnerability Network Vulnerability

Summary

This host is running WordPress with Traffic Analyzer plugin and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to WordPress Traffic Analyzer Plugin version 3.4.0 or later. For updates refer to http://wordpress.org/extend/plugins/trafficanalyzer

Insight

The input passed via 'aoid' parameters to '/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php' script is not properly validated.

Affected

WordPress Traffic Analyzer Plugin version 3.3.2 and prior

References

http://osvdb.org/92197
http://packetstormsecurity.com/files/121167
http://secunia.com/advisories/52929

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-3526
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Directory Listing and File disclosure
Advanced Image Hosting Cross Site Scripting Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability

Take action and discover your vulnerabilities