WordPress Social Media Widget Plugin CVE-2013-1949 HTML Injection Vulnerability
BID:59081
Info
WordPress Social Media Widget Plugin CVE-2013-1949 HTML Injection Vulnerability
| Bugtraq ID: | 59081 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-1949 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2013 12:00AM |
| Updated: | Apr 16 2013 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
WordPress Social Media Widget Plugin CVE-2013-1949 HTML Injection Vulnerability
The Social Media Widget plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The Social Media Widget plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Solution / Fix
WordPress Social Media Widget Plugin CVE-2013-1949 HTML Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
WordPress Social Media Widget Plugin CVE-2013-1949 HTML Injection Vulnerability
References:
References: