`This effects version 0.1 of abc-test the hole is fixed in version 0.2
---------
Affected products:
---------
Product : wordpress plugin abc-test
Affected file: abctest_config.php
----
Details:
----
The file abctest_config.php does not sanitize the input from $_GET ['id']
effectively. This allows a user to launch a cross site scripting attack
against this file. While the effectiveness of such an attack is somewhat
limited by the wordpress platform adding \ to quotes, it still may be
possible to inject cookie stealing objects (flash files for example).
Example code:
http://localhost/blog/wp-admin/admin.php?page=abctest&do=edit&id=%22%3E%3Ch1
%3EXSS%3C/h1
-------
Suggested fix:
-------
Sanitize the $_GET super global.
----
Timeline:
----
24-Sept-2012 Vendor and wordpress informed.
25-Sept-2012 Vendor confirmed the security issue and patched.
26-Sept-2012 Public release of the vulnerability, via the full disclosure
and
http://scott-herbert.com/blog/2012/09/26/xss-vulnerability-in-wordpress-plug
in-abc-test-1107
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation