ThreatPress

WordPress Vulnerabilities Database

WordPress Blubrry PowerPress Podcasting Plugin <= 6.0.0 - XSS

Product
Blubrry PowerPress Podcasting
Description
This vulnerability allows an attacker to inject arbitrary web script or HTML via the "cat" parameter in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.
Solution
Upgrade the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2015-1385
Versions
Affected In: <= 6.0.0
Fixed In: 6.0.1
Disclosure date
2015-01-27
Credits
Onur Yilmaz