ThreatPress

WordPress Vulnerabilities Database

Back

WordPress RSVPMaker Plugin 2.5.4 - Persistent XSS

Product
RSVPMarker
Description
WordPress RSVPMaker plugin is prone to a persistent XSS vulnerability. The RSVP form does not properly sanitize input fields. This vulnerability will fire when the admin views the event's attendance list in the RSVP report section.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.5.4
Fixed In 2.5.5
Disclosure date
2012-08-13
Credits
Chris Kellum