ThreatPress

WordPress Vulnerabilities Database

WordPress Usernoise Plugin 3.7.8 - Persistent XSS

Product
Usernoise
Description
The Usernoise plugin is prone to a persistent XSS vulnerability because user input is not properly handled when feedback is submitted. The affected area is the WordPress admin dashboard. The feedback submission accepts arbitrary code, including JavaScript, and that JavaScript is executed when the content is displayed in the feedback section, making this a severe vulnerability with administrators as the target.
Solution
Upgrade to version 3.7.9.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 3.7.8
Fixed In 3.7.9
Disclosure date
2013-08-07
Credits
RogueCoder