ThreatPress

WordPress Vulnerabilities Database

WordPress Google SEO Pressor Snippet Plugin <= 1.2.6 - Reflected XSS

Product
Google SEO Pressor Snippet
Description
This plugin is prone to a reflected cross-site scripting vulnerability because the following parameters are not sanitized: "Address Region", "Longitude", "Latitude", "Event type", "Offer aggregate", "Low Price", "High Price", "Offer Url", "Price", "Events Website", "Offer Quantity", "Price valid Until", "Tickets currency", "Start Date", "End Date", "Street Address", "Address Locality", "Event Name", "Events Url", "Photo" and "Location".
Solution
Upgrade this plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
WordPress
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.6
Fixed In 1.2.7
Disclosure date
2016-04-21
Credits
Rahul Pratap Singh
Submitter
ThreatPress