WordPress FAQs Manager Plugin Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

Bugtraq ID:	58645
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 22 2013 12:00AM
Updated:	Mar 22 2013 12:00AM
Credit:	m3tamantra
Vulnerable:
Not Vulnerable:

WordPress FAQs Manager Plugin Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

FAQs Manager Plugin for WordPress is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.

An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.

FAQs Manager 1.0 is vulnerable; other versions may also be affected.

WordPress FAQs Manager Plugin Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI or visiting a malicious website.

The following example data is available:

• /data/vulnerabilities/exploits/58645.txt

WordPress FAQs Manager Plugin Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

WordPress FAQs Manager Plugin Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

References: