ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Customer Area Plugin <= 7.4.2 - Reflected Cross Site Scripting vulnerability

Product
WP Customer Area
Description
The value of $_REQUEST[‘page’] parameter is not escaped in the template files - /src/php/core-addons/admin-area/templates/. This allows an attacker to execute a reflected cross site scripting attack. The vulnerability was fixed in version 7.4.3.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
References
Changelog
Pluginvulnerabilities
CVE
Name CVE-N/A
Versions
Affected In <= 7.4.2
Fixed In 7.4.3
Disclosure date
2017-11-27
Credits
pluginvulnerabilities