| Bugtraq ID: | 54311 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 05 2012 12:00AM |
| Updated: | Jul 05 2012 12:00AM |
| Credit: | Stefan Schurtz |
| Vulnerable: | |
| Not Vulnerable: | |
Security Discussion
The Quick Post Widget plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and a cross-site request forgery vulnerability.
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.
Quick Post Widget 1.9.1 is vulnerable; other versions may also be affected.
Proof of Concept and Security Exploits
To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: email@example.com.