WordPress GoCodes Plugin <= 1.3.5 - Multiple Vulnerabilities

Back

Product: GoCodes
Description: This plugin is prone to cross site scripting vulnerability, that allows authenticated users to inject HTML and JS code. And also there is an SQL injection vulnerability, that allows authenticated users execute arbitrary SQL commands.
Solution: Update the plugin.
Classification: Type Multi
References: Cinu
CVE: Name CVE-N/A
Versions: Affected In <= 1.3.5
Fixed In 1.3.6
Disclosure date: 2015-11-24
Credits: Marcin Probola
Submitter: ThreatPress