ThreatPress

WordPress Vulnerabilities Database

Back

WordPress User Submitted Posts Plugin <= 20151113 - XSS

Product
User Submitted Posts
Description
Because of this vulnerability, users with "unfiltered_html" capability are allowed to include JS code to post content.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Security Focus
CVE
Name CVE-N/A
Versions
Affected In <= 20151113
Fixed In 20160215
Disclosure date
2016-02-25
Submitter
ThreatPress