ThreatPress

WordPress Vulnerabilities Database

WordPress New Year Firework Plugin <= 1.1.9 - Cross Site Scripting (XSS)

Product
New Year Firework
Description
Because of this vulnerability, the "text" variable appears to send unsanitized data back to the user's browser. The vulnerable file is /new-year-firework/firework/index.php.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Openwall
Vapid
CVE
Name CVE-2016-1000140
Versions
Affected In <= 1.1.9
Fixed In 1.2
Disclosure date
2016-04-12
Credits
Larry W. Cashdollar
Submitter
ThreatPress