ThreatPress

WordPress Vulnerabilities Database


WordPress Best Web Soft Captcha Plugin 4.1.5 - Multiple Vulnerabilities

Product
Best Web Soft Captcha
Description
This plugin contains multiple vulnerabilities, including cross-site scripting (XSS) and cross-site request forgery (CSRF). As a result, an attacker can send an administrator a crafted URL (for example, http://wwww.victim.com/wp-admin/admin.php?page=captcha.php&action=whitelist&s=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E) or a form that will execute the XSS.
Solution
Upgrade the plugin to the fixed version, 4.1.6.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 4.1.5
Fixed In 4.1.6
Disclosure date
2016-03-10
Credits
Colette Chamberland