WordPress WP-UserOnline plugin URL HTML Injection Vulnerability (deprecated)
Low Nessus Network Monitor Plugin ID 5592
SynopsisThe remote web server hosts a web application that is vulnerable to an HTML-injection vulnerability.
DescriptionThe remote web server hosts WordPress with the WP-UserOnline plugin, a plugin to display how many users are online with detailed statistics.
Versions of WP-UserOnline earlier than 2.70 are potentially affected by an HTML-injection vulnerability. An attacker, exploiting this flaw, could potentially execute arbitrary script code in a user's browser.
SolutionUpgrade to WP-UserOnline 2.70 or later.