Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WordPress WP-UserOnline plugin URL HTML Injection Vulnerability (deprecated)

Low

Synopsis

The remote web server hosts a web application that is vulnerable to an HTML-injection vulnerability.

Description

The remote web server hosts WordPress with the WP-UserOnline plugin, a plugin to display how many users are online with detailed statistics.

Versions of WP-UserOnline earlier than 2.70 are potentially affected by an HTML-injection vulnerability. An attacker, exploiting this flaw, could potentially execute arbitrary script code in a user's browser.

Solution

Upgrade to WP-UserOnline 2.70 or later.