ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Mobile Detector Plugin <= 3.2 - Stored Cross Site Scripting

Product
WP Mobile Detector
Description
This plugin is prone to a stored cross site scripting vulnerability, so, it exposes the AJAX action "websitez_options" to all registered users, which are on line 78 of wp-mobile-detector/websitez-wp-mobile-detector.php.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
References
Research-G0blin
CVE
Name CVE-N/A
Versions
Affected In <= 3.2
Fixed In 3.3
Disclosure date
2015-06-25
Credits
James Hooker