ThreatPress

WordPress Vulnerabilities Database

WordPress Crontrol Plugin <= 1.2.3 - Cross Site Scripting (XSS)

Product
Crontrol
Description
This vulnerability allows authenticated administrators to store HTML and JavaScript code. Vulnerable parameters: "id[hookname]", "id[sig]", "id[next_run]", "id[args][code]".
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Cinu
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.2.3
Fixed In: 1.3
Disclosure date
2015-08-21
Credits
Marcin Probola
Submitter
ThreatPress