ThreatPress

WordPress Vulnerabilities Database


WordPress E-Search Plugin <= 1.0 - Cross-Site Scripting (XSS)

Product
E-Search
Description
The value of the date-from variable appears to be sent back to the user's browser unsanitized.
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Openwall
Vapid
CVE
Name: CVE-2016-1000131
Versions
Affected In: <= 1.0
Fixed In: 1.1
Disclosure date
2016-04-13
Credits
Larry W. Cashdollar
Submitter
ThreatPress