Lucene search

K
patchstackHigh-Tech Bridge Security ResearchPATCHSTACK:D85490E56BC0EAB7A2DACF1366809FD6
HistoryMay 06, 2015 - 12:00 a.m.

WordPress WP Photo Album Plus Plugin <= 6.1.2 - Multiple XSS

2015-05-0600:00:00
High-Tech Bridge Security Research
patchstack.com
3

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Because of these vulnerabilities in wppa-ajax-front.php, the attackers can inject arbitrary web script or HTML via the “comemail” or “comname” parameters.

Solution

           Update the plugin. 
CPENameOperatorVersion
wp photo album plusle6.1.2

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for PATCHSTACK:D85490E56BC0EAB7A2DACF1366809FD6