WordPress New Year Firework Plugin <= 1.1.9 - Cross Site Scripting (XSS)
- New Year Firework
- Because of this vulnerability, the variable text appears to send unsanitized data back to the users browser.
The vulnerable file is /new-year-firework/firework/index.php.
- Update the plugin.
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- Name CVE-2016-1000140
Fixed In 1.2
- Disclosure date
- Larry W. Cashdollar