WordPress WP-UserOnline plugin URL HTML Injection Vulnerability (deprecated)

Low | Nessus Network Monitor Plugin ID 5592

Synopsis

The remote web server hosts a web application that is affected by an HTML-injection vulnerability.

Description

The remote web server hosts WordPress with the WP-UserOnline plugin, a plugin to display how many users are online with detailed statistics.

Versions of WP-UserOnline earlier than 2.70 are potentially affected by an HTML-injection vulnerability. An attacker exploiting this flaw could execute arbitrary script code in a user's browser.

Solution

Upgrade to WP-UserOnline 2.70 or later.

See Also

http://osdir.com/ml/bugtraq.security/2010-07/msg00005.html

http://scribu.net/wordpress/wp-useronline/wu-2-70.html

Plugin Details

Severity: Low

ID: 5592

Family: CGI

Published: 7/6/2010

Updated: 9/16/2018

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

Patch Publication Date: 5/7/2010

Vulnerability Publication Date: 7/1/2010

Reference Information

BID: 41335