ThreatPress

WordPress Vulnerabilities Database

Back

WordPress PDF And Print Plugin <= 1.7.4 - Reflected Cross Site Scripting

Product
PDF & Print
Description
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Vulnerable parameter is "bws_license_key".
Solution
Upgrade this plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploitalert
CVE
Name CVE-N/A
Versions
Affected In <= 1.7.4
Fixed In 1.7.5
Disclosure date
2015-10-03
Credits
Madhu Akula
Submitter
ThreatPress