WordPress WP-UserOnline plugin URL HTML Injection Vulnerability (deprecated)

Low Nessus Network Monitor Plugin ID 5592


The remote web server hosts a web application that is vulnerable to an HTML-injection vulnerability.


The remote web server hosts WordPress with the WP-UserOnline plugin, a plugin to display how many users are online with detailed statistics.

Versions of WP-UserOnline earlier than 2.70 are potentially affected by an HTML-injection vulnerability. An attacker, exploiting this flaw, could potentially execute arbitrary script code in a user's browser.


Upgrade to WP-UserOnline 2.70 or later.

See Also



Plugin Details

Severity: Low

ID: 5592

Family: CGI

Published: 2010/07/06

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Low


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2010/05/07

Vulnerability Publication Date: 2010/07/01

Reference Information

BID: 41335