ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Good News Themes - Cross Site Scripting

Product
Good News
Description
Because of this vulnerability in the "s" value of the "Good News themes" module, remote attackers can inject client-side script code to the vulnerable index GET method request. Also, the "s" value is wrong encoded and not filtered by the regular validation.
Solution
Update the theme.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Security Focus
CVE
Name CVE-N/A
Versions
Affected In <= 1.0
Fixed In 1.1
Disclosure date
2016-02-29
Submitter
ThreatPress