Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs

Xu Yiyang WordPress Multiple Themes S Parameter Cross-Site Scripting Vulnerability

Multiple themes for WordPress are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These themes for WordPress are reported vulnerable:

Unnamed 1.0.0.2
Unnamed 1.02 Special Edition
Blue Memories 1.5.0

This issue is related to the issue described in BID 24954 (WordPress Multiple Themes S Parameter Cross-Site Scripting Vulnerability).







 

Privacy Statement
Copyright 2009, SecurityFocus