WordPress Responsive Logo Slideshow Plugin Multiple HTML Injection Vulnerabilities
BID:58013
Info
WordPress Responsive Logo Slideshow Plugin Multiple HTML Injection Vulnerabilities
| Bugtraq ID: | 58013 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-1759 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2013 12:00AM |
| Updated: | Feb 18 2013 12:00AM |
| Credit: | Aditya Balapure |
| Vulnerable: |
WordPress Responsive Logo Slideshow 0 |
| Not Vulnerable: | |
Discussion
WordPress Responsive Logo Slideshow Plugin Multiple HTML Injection Vulnerabilities
The Responsive Logo Slideshow plugin for WordPress is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks may also be possible.
The Responsive Logo Slideshow plugin for WordPress is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks may also be possible.
Exploit / POC
WordPress Responsive Logo Slideshow Plugin Multiple HTML Injection Vulnerabilities
Attackers can use a browser to exploit these issues.
Attackers can use a browser to exploit these issues.
Solution / Fix
WordPress Responsive Logo Slideshow Plugin Multiple HTML Injection Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
WordPress Responsive Logo Slideshow Plugin Multiple HTML Injection Vulnerabilities
References:
References:
- WordPress Homepage (WordPress)