JVN#13582657: WordPress plugin "Nofollow Links" vulnerable to cross-site scripting

2016-07-20T00:00:00
ID JVN:13582657
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-07-20T00:00:00

Description

## Description

The WordPress plugin "Nofollow Links" contains a cross-site scripting (CWE-79) vulnerability in nofollow-links.php.

## Impact

An arbitrary script may be executed on the web browser of a user who is logged on as an administrator.

## Solution

Update the plugin
Update the plugin according to the information provided by the developer.

## Products Affected

  • Nofollow Links version 1.0.10 and earlier