ThreatPress

WordPress Vulnerabilities Database


WordPress Google Analyticator <= 6.4.9.5 - Multiple XSS

Product
Google Analyticator
Description
These vulnerabilities allow an attacker to inject arbitrary web script or HTML via the (1) ga_downloads_prefix, (2) ga_downloads, (3) ga_adsense, (4) ga_admin_disable_DimentionIndex, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2015-6238
Versions
Affected In <= 6.4.9.5
Fixed In 6.4.9.6
Disclosure date
2015-08-14