WordPress User Photo Plugin <= 0.9.5.1 - XSS

2012-05-2100:00:00

Ryan Hellyer

patchstack.com

EPSS

0.003

Percentile

65.1%

Because of this vulnerability in user-photo.php, attackers can inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php.

Solution

           Update the plugin.

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2920

EPSS

0.003

Percentile

65.1%

Related for PATCHSTACK:E9E07582D52D8D27A7FE1846692DBFED