ThreatPress

WordPress Vulnerabilities Database

WordPress Classipress Theme <= 3.1.4 - Stored XSS

Product
Classipress
Description
The Classipress theme is prone to a stored cross-site scripting vulnerability because it fails to properly sanitize input passed through the POST parameters 'facebook_id' and 'twitter_id' in a registered user's profile page. This allows an attacker to inject JavaScript code.
Solution
Update the theme.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-2011-5257
Versions
Affected In <= 3.1.4
Fixed In 3.1.5
Disclosure date
2011-10-31
Credits
Paul Loftness