ThreatPress

WordPress Vulnerabilities Database

Back

WordPress s2Member Pro Plugin

Product
s2Member Pro
Description
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s2member_pro_authnet_checkout[coupon]" parameter.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2011-5082
Versions
Affected In <= 111220
Disclosure date
2012-03-19
Credits
Chris Martin