WordPress Welcart e-Commerce Plugin <= 1.3.12 - Multiple XSS

foliopress-wysiwyg

Software
Foliopress WYSIWYG
Versions
<= 1.3.12
Disclosure date
2015-01-13
CVE
CVE-2014-10016
References
Credits
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A3: Cross Site Scripting (XSS)


Details

These vulnerabilities allow attackers to inject arbitrary web script or HTML through the add_delivery_method action of wp-admin/admin-ajax.php via four parameters: "name", "intl", "nocod", and "time".
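As an added illustration, not code from the affected plugin, the following hypothetical WordPress AJAX handler shows the pattern behind this class of bug (request parameters reflected into HTML without escaping) beside a hardened version that checks capability and nonce, sanitizes on input and escapes on output. The action name, nonce name, parameter handling and the `example_` function names are assumptions chosen to mirror the advisory's description; the WordPress API calls (`check_ajax_referer`, `current_user_can`, `sanitize_text_field`, `wp_unslash`, `esc_html`, `wp_send_json_*`, `add_action`) are the real core functions.

```php
<?php
// Added example, not the plugin's own code. Action and parameter names are
// assumptions modelled on the advisory's add_delivery_method description.

// --- Vulnerable pattern: POST parameters echoed straight into HTML. ---
// Any of "name", "intl", "nocod" or "time" can carry markup or script,
// which the browser renders in the admin page that displays this row.
function example_add_delivery_method_vulnerable() {
    $name  = $_POST['name'];
    $intl  = $_POST['intl'];
    $nocod = $_POST['nocod'];
    $time  = $_POST['time'];
    echo '<tr><td>' . $name . '</td><td>' . $intl . '</td>'
       . '<td>' . $nocod . '</td><td>' . $time . '</td></tr>';
    wp_die();
}

// --- Hardened pattern ---
function example_add_delivery_method_hardened() {
    // 1. Restrict the action to users allowed to manage shop settings
    //    (capability name is an assumption for this example).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 2. Require a valid nonce so the request cannot be forged cross-site.
    //    'example_delivery_nonce' / 'security' are assumed names.
    check_ajax_referer( 'example_delivery_nonce', 'security' );

    // 3. Sanitize on input: wp_unslash() undoes WordPress' magic quotes,
    //    sanitize_text_field() strips tags, octets and stray whitespace.
    $fields = array( 'name', 'intl', 'nocod', 'time' );
    $clean  = array();
    foreach ( $fields as $field ) {
        $clean[ $field ] = isset( $_POST[ $field ] )
            ? sanitize_text_field( wp_unslash( $_POST[ $field ] ) )
            : '';
    }

    // 4. Escape on output for the context the value lands in (HTML text).
    //    esc_html() turns <, >, &, " and ' into entities, so a payload such
    //    as <script> is displayed literally instead of executed.
    $row = sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>',
        esc_html( $clean['name'] ),
        esc_html( $clean['intl'] ),
        esc_html( $clean['nocod'] ),
        esc_html( $clean['time'] )
    );
    wp_send_json_success( $row );
}

// Register only the hardened handler under the admin-ajax hook.
add_action( 'wp_ajax_example_add_delivery_method', 'example_add_delivery_method_hardened' );
```

Sanitizing on input alone is not enough: the same stored value may later be placed in an attribute or in JavaScript, where `esc_attr()` or `esc_js()` is the correct escaper, so the rule to apply when reviewing a plugin fix is "escape at the point of output, for that output's context".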

Solution

Update the plugin.
