- WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress version 1.5 is vulnerable.
- Update to WordPress version 1.5.1 or latest
- Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.28)
- WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time Cross-Site Scripting (0.8.4)
- WordPress Plugin Google 'Plus one' Button by kms Multiple Vulnerabilities (1.5.0)
- WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (1.8.1)
- WordPress Plugin Contact Form Builder by Contact Bank Cross-Site Scripting (2.0.225)