Summary
This host has the WordPress Universal Post Manager Plugin installed and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version 1.1.1 or later.
For updates, refer to http://wordpress.org/extend/plugins/universal-post-manager
Insight
The flaws are due to input validation errors in the 'num' parameter in '/wp-content/plugins/universal-post-manager/template/email_screen_1.php' and '/wp-content/plugins/universal-post-manager/template/email_screen_2.php', and in the 'number' parameter in '/wp-content/plugins/universal-post-manager/template/bookmarks_slider_h.php'. These parameters are not properly sanitized before being returned to the user.
Affected
WordPress Universal Post Manager Plugin Version 1.0.9
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N