Cross site scripting

2021-08-1619:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

32.1%

JSON

The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER[‘PHP_SELF’] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9.

CPENameOperatorVersion
wp_fountainle1.5.9

CPE	Name	Operator	Version
	wp_fountain	le	1.5.9

References

plugins.trac.wordpress.org/browser/wp-fountain/trunk/wp-fountain.php

www.wordfence.com/vulnerability-advisories/

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for PRION:CVE-2021-34653