ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Slideshow Plugin - Multiple Cross Site Scripting Vulnerabilities

Product
Slideshow
Description
WordPress Slideshow plugin is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. In that way, an attacker can steal cookie-based authentication credentials and launch other attacks.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In 1.0
Fixed In 1.1
Disclosure date
2012-10-17
Credits
waraxe