ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Content Cards Plugin <= 0.9.6 - Cross-Site Scripting vulnerability

Product
Content Cards
Description
A cross site scripting vulnerability was found in WordPress Content Cards plugin in 0.9.6 version. This vulnerability is related to OpenGraph Data Handler functionality. The data is not sanitized properly and it leads to a cross site scripting vulnerability.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Changelog
VulDB
CVE
Name CVE-N/A
Versions
Affected In <= 0.9.6
Fixed In 0.9.7
Disclosure date
2017-12-04
Submitter
ThreatPress