ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Subscribe to Comments Plugin 2.0 - Multiple Cross-Site Scripting Vulnerabilities

Product
Subscribe to Comments
Description
Subscribe to Comments plugin is prone to a cross-site scripting. Application fails to sufficiently clean up user-supplied data. The attacker-supplied could run HTML or JavaScript code in the context of the affected site. In that way the attacker can steal cookie-based authentication credits. There are other attacks also possible.
Solution
Upgrade the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.0
Fixed In 2.1
Disclosure date
2009-11-16
Credits
MustLive