ThreatPress

WordPress Vulnerabilities Database

WordPress Design Approval System Plugin <= 3.6 - XSS

Product
Design Approval System
Description
A cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php allows attackers to inject arbitrary web script or HTML via the "step" parameter.
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2013-5711
Versions
Affected In: <= 3.6
Fixed In: 3.7
Disclosure date
2013-09-09