Lucene search

K
patchstackMarcin ProbolaPATCHSTACK:21B9AF45AE48CA579C00668DCAB95123
HistoryAug 13, 2015 - 12:00 a.m.

WordPress My Page Order Plugin <= 4.3 - Cross Site Scripting

2015-08-1300:00:00
Marcin Probola
patchstack.com
7
wordpress
page order
plugin
cross site scripting
upgrade

Because of this vulnerability, the attackers can inject arbitrary web script or HTML.
Vulnerable parameters are “pages” and “hdnParentID”.

Solution

           Upgrade this plugin. 

Affected configurations

Vulners
Node
-my_page_orderRange4.3
VendorProductVersionCPE
-my_page_order*cpe:2.3:a:-:my_page_order:*:*:*:*:*:*:*:*