Contact Us
SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME
 
Security Dashboard | US-CERTs | SecurityFocus | Advisories | Exploits | Threats | Vulnerabilities | Risks
Network Security Consulting Advisories Article

Quick Post Widget Plugin Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

http://www.securityfocus.com/bid/54311

Security Info

Bugtraq ID: 54311
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jul 05 2012 12:00AM
Updated: Jul 05 2012 12:00AM
Credit: Stefan Schurtz
Vulnerable:
Not Vulnerable:

Security Discussion

Quick Post Widget plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.

Quick Post Widget 1.9.1 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.

Security Solution(s)

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security References(s)

References:

Contact Us

Security Penetration Testing

Security Questions

Security Dashboard

Emagined Security Blog featuring Dr. Eugene Schultz
Site Updated May 21, 2013
©2000-2013 Emagined Security
All Rights Reserved

Secure Web Programming
by Vizual Services