8 matches found
EUVD-2016-1089
Malware in sbrugna...
WordPress pondol-carousel plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports the hosting of personal blog sites on servers running PHP and MySQL. pondol-carousel is one of the plugins used to create a folder. A cross-site scripting vulnerability...
CVE-2016-1000145
Reflected XSS in wordpress plugin pondol-carousel v1.0...
CVE-2016-1000145
Reflected XSS in wordpress plugin pondol-carousel v1.0...
Cross site scripting
Reflected XSS in wordpress plugin pondol-carousel v1.0...
CVE-2016-1000145
Reflected XSS in wordpress plugin pondol-carousel v1.0...
CVE-2016-1000145
CVE-2016-1000145 affects the WordPress pondol-carousel plugin (v1.0). The vulnerability is a Cross-Site Scripting (XSS) flaw in the plugin’s admin flow, traced to unsanitized data in a variable such as itemid being sent back to the user’s browser (admin_create.php). This can allow an attacker to i...
WordPress Pondol Carousel Plugin <= 1.0 - Cross Site Scripting (XSS)
Because of this vulnerability, the variable "itemid" appears to send unsanitized data back to the user's browser. The vulnerable file is /pondol-carousel/pages/admincreate.php. Solution: Update the plugin...