ThreatPress

WordPress Vulnerabilities Database

WordPress Pondol Carousel Plugin <= 1.0 - Cross Site Scripting (XSS)

Product
Pondol Carousel
Description
The "itemid" variable appears to be sent back to the user's browser unsanitized. The vulnerable file is /pondol-carousel/pages/admin_create.php.
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Openwall
Vapid
CVE
Name: CVE-2016-1000145
Versions
Affected In: <= 1.0
Fixed In: 1.1
Disclosure date
2016-05-11
Submitter
ThreatPress