- WordPress MU is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress MU versions prior to 2.7 are vulnerable.
- Update to WordPress MU version 2.7 or latest
- WordPress Plugin Indexisto WordPress Site Search Cross-Site Scripting (1.0.5)
- WordPress Plugin Track That Stat 'data' Parameter Cross-Site Scripting (1.0.8)
- WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.8.1)
- WordPress Plugin All-in-One Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.5)
- WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)