ThreatPress

WordPress Vulnerabilities Database

Back

WordPress wpDiscuz Plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS)

Product
wpDiscuz
Description
This plugin is prone to a reflected cross site scripting vulnerability, because "Content-Type: application/json" is not set.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Security Szurek
CVE
Name CVE-N/A
Versions
Affected In <= 3.1.4
Fixed In 3.1.5
Disclosure date
2016-05-30
Credits
Kacper Szurek