ThreatPress

WordPress Vulnerabilities Database


WordPress UCan Post Plugin <= 1.0.09 - Stored XSS

Product
UCan Post
Description
The UCan Post plugin is prone to a stored cross-site scripting vulnerability. The name field and the post title are not sanitized and can be injected with a payload. The email field is not sanitized either, but it is checked for a valid email address.
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.0.09
Fixed In: 1.0.10
Disclosure date
2012-01-19
Credits
Gianluca Brindisi