icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

WordPress 2.x < 2.6 'press-this.php' XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The version of WordPress installed on the remote host is vulnerable to a cross-site scripting flaw due to the way that it parses user-supplied data to the 'press-this.php' script. An attacker exploiting this flaw would need to be able to convince a WordPress user to open a malicious URI. Successful exploitation would result in attacker code being run in the browser.

Solution

Upgrade to WordPress 2.6, or later.