WordPress WP-UserOnline plugin URL HTML Injection Vulnerability (deprecated)

Nessus Network Monitor Plugin ID 5592 (Severity: Low)

Synopsis

The remote web server hosts a web application that is affected by an HTML-injection vulnerability.

Description

The remote web server hosts WordPress with the WP-UserOnline plugin, a plugin to display how many users are online with detailed statistics.

Versions of WP-UserOnline earlier than 2.70 are potentially affected by an HTML-injection vulnerability. An attacker, exploiting this flaw, could potentially execute arbitrary script code in a user's browser.

Solution

Upgrade to WP-UserOnline 2.70 or later.

See Also

http://osdir.com/ml/bugtraq.security/2010-07/msg00005.html

http://scribu.net/wordpress/wp-useronline/wu-2-70.html

Plugin Details

Severity: Low

ID: 5592

Family: CGI

Published: 2010/07/06

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2010/05/07

Vulnerability Publication Date: 2010/07/01

Reference Information

BID: 41335