WordPress Web Dorado Spider Video Player XSS Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Web Dorado Spider Video Player plugin and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to version 1.5.2 or later. For updates refer https://wordpress.org/plugins/player

Insight

Input passed via the 'TrackId', 'task', and 'id' GET parameters are not properly sanitized before returning it to users.

Affected

WordPress Web Dorado Spider Video Player version before 1.5.2

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

https://wordpress.org/plugins/player/changelog

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8584
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Information Disclosure Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache Subversion Module Metadata Accessible
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities

Take action and discover your vulnerabilities