WordPress ImageInject plugin 1.15 - Stored Cross-Site Scripting vulnerability

2018-01-0900:00:00

wpl0v3r

patchstack.com

0.001 Low

EPSS

Percentile

28.5%

JSON

Stored Cross-Site Scripting vulnerability found by wpl0v3r in WordPress ImageInject plugin (version 1.15). Vulnerable via the flickr_appid parameter to wp-admin/options-general.php.

Solution

           1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use.

CPENameOperatorVersion
imageinjecteq1.15

CPE	Name	Operator	Version
	imageinject	eq	1.15

References

wordpress.org/plugins/wp-inject/#developers

0.001 Low

EPSS

Percentile

28.5%

JSON

Related for PATCHSTACK:9A68F024F5E6481C9D32A5F2CEFA7638