ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Pretty Link Lite Plugin 1.5.2 - SQL Injection and Cross Site Scripting Vulnerabilities

Product
Pretty Link Lite
Description
Pretty Link Lite plugin is prone to multiple cross-site scripting and SQL-injection vulnerabilities because of failure to properly clean up user-supplied input. It allows an attacker to steal cookie-based authentication credentials, access or modify data, compromise the application or exploit latent vulnerabilities in the underlying database.
Solution
Update the plugin.
Classification
Type Multi
OWASP Top 10 A1: Injection
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.5.2
Fixed In 1.5.3
Disclosure date
2012-05-15
Credits
Heine Pedersen