ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Sermon Browser Plugin 0.43 - Cross-Site Scripting and SQL Injection Vulnerabilities

Product
Sermon Browser
Description
There are several vulnerabilities in this plugin. The first is a cross-site scripting vulnerability and the second is an SQL injection vulnerability. These issues allow an attacker to steal cookie-based authentication credentials, modify data, or compromise the access.
Solution
Update the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 0.43
Fixed In 0.44
Disclosure date
2011-04-26
Credits
Ma3sTr0-Dz