ThreatPress

WordPress Vulnerabilities Database

Back

WordPress GoCodes Plugin <= 1.3.5 - Multiple Vulnerabilities

Product
GoCodes
Description
This plugin is prone to cross site scripting vulnerability, that allows authenticated users to inject HTML and JS code. And also there is an SQL injection vulnerability, that allows authenticated users execute arbitrary SQL commands.
Solution
Update the plugin.
Classification
Type Multi
References
Cinu
CVE
Name CVE-N/A
Versions
Affected In <= 1.3.5
Fixed In 1.3.6
Disclosure date
2015-11-24
Credits
Marcin Probola
Submitter
ThreatPress