EUVD-2014-4519

Malware in sbrugna...

WordPress WP-Planet Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP-Planet is one of the plugins used in it. WordPress WP-Planet 0.1 and earlier versions of the rss.class/scripts/magpiedebug.php...

Cross site scripting

Cross-site scripting XSS vulnerability in rss.class/scripts/magpiedebug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVE-2014-4592

The CVE-2014-4592 entry refers to a cross-site scripting (XSS) vulnerability in the WP-Planet WordPress plugin (<= 0.1) specifically in rss.class/scripts/magpie_debug.php, exploitable via the url parameter. The Root Cause is improper input handling that allows attackers to inject and execute c...

WP Planet <= 0.1 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. PoC https://www.example.com/wp-content/plugins/wp–planet/rss.class/scripts/magpiedebug.php?url=...