WordPress Mingle Forum Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
BID:58059
Info
WordPress Mingle Forum Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 58059 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-0734 CVE-2013-0735 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2013 12:00AM |
| Updated: | Feb 20 2013 12:00AM |
| Credit: | Charlie Eriksen and Secunia Research |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
WordPress Mingle Forum Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
The Mingle Forum plug-in for WordPress is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mingle Forum 1.0.33.3 is vulnerable; other versions may also affected.
The Mingle Forum plug-in for WordPress is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mingle Forum 1.0.33.3 is vulnerable; other versions may also affected.
Solution / Fix
WordPress Mingle Forum Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information
Solution:
Updates are available. Please see the references or vendor advisory for more information
References
WordPress Mingle Forum Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
References:
References:
- Mingle Forum Homepage (WordPress)
- Secunia Research: WordPress Mingle Forum Plugin Four SQL Injection Vulnerabiliti (Secunia Research)
- Secunia Research: WordPress Mingle Forum Plugin Two Cross-Site Scripting Vulnera (Secunia Research)
- WordPress Homepage (WordPress)