Vector: | Remote |
Severity: | Low |
Patch: | Unpatched |
Impact: | Cross-site Scripting (XSS) |
Software: | WordPress GD Star Rating Plugin 1.x, vulnerable versions: <=1.9.7 |
An input validation error exists in wp-content/plugins/gd-star-rating/widgets/widget_top.php when processing data passed to the "wpfn" parameter. A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Further exploitation of this vulnerability may result in the theft of potentially sensitive user information, such as cookies, or in disguising the information presented on the website.
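Because the issue is listed as unpatched, one defensive check is to review web server logs for requests to the affected file whose "wpfn" value decodes to markup characters. The script below is an added example, not code from the advisory or the plugin; the combined access-log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# File path and parameter name as given in the advisory.
TARGET_PATH = "wp-content/plugins/gd-star-rating/widgets/widget_top.php"
PARAM = "wpfn"
# Characters that let a reflected value break out into HTML markup.
MARKUP = re.compile(r"[<>\"'`]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_wpfn(log_line):
    """Return the decoded wpfn value if it carries markup characters, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(TARGET_PATH):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs decoded once; catch extra layers
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_wpfn(line)) is not None]

# Constructed sample entries (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:00:00 +0000] "GET /wp-content/plugins/gd-star-rating/widgets/widget_top.php?wpfn=widget-3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2014:10:00:05 +0000] "GET /wp-content/plugins/gd-star-rating/widgets/widget_top.php?wpfn=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [01/Jan/2014:10:00:09 +0000] "GET /wp-content/plugins/gd-star-rating/widgets/widget_top.php?wpfn=%253Cb%253E HTTP/1.1" 200 520',
    '203.0.113.4 - - [01/Jan/2014:10:00:11 +0000] "GET /index.php?wpfn=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: wpfn decodes to {value!r}")
```

Access logs record only the query string, so a value submitted in a POST body will not be seen by this check.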