WordPress-MU Cross-Site Scripting Vulnerability
Product: WordPress-MU (multi-user)
Version: Versions prior to 2.6 are affected
Credits: Juan Galiana
Juan Galiana published the advisory to Bugtraq this week; it includes a proof-of-concept exploit.
WordPress-MU is affected by a cross-site scripting (XSS) vulnerability. An attacker can perform an XSS attack that gives access to the targeted user's cookies, which can then be used to gain administrator privileges.
In /wp-admin/wpmu-blogs.php an attacker can inject JavaScript code, because the GET input variables “s” and “ip_address” aren’t properly sanitized.
WordPress-MU was notified, and version 2.6.1 addresses this issue. We recommend that all users upgrade as soon as possible.
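To check whether the two parameters were probed before the upgrade, access logs can be searched for requests to wpmu-blogs.php whose “s” or “ip_address” value carries HTML markup. The Python below is an added example, not part of the original advisory; it assumes combined-format access logs, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and GET parameters named in the advisory.
VULN_PATH = "/wp-admin/wpmu-blogs.php"
VULN_PARAMS = ("s", "ip_address")
# Characters needed to open a tag or break out of a quoted HTML attribute.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (format is an assumption).
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are inspected too."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_params(log_line):
    """Return {param: decoded value} for advisory parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return {}
    url = urlsplit(m.group(1))
    if not url.path.endswith(VULN_PATH):  # also matches sub-directory installs
        return {}
    hits = {}
    for name in VULN_PARAMS:
        for value in parse_qs(url.query).get(name, []):
            value = fully_decode(value)
            if MARKUP.search(value):
                hits[name] = value
    return hits

def scan(lines):
    """Return [(line number, hits)] for log lines that look like injection attempts."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_params(line))]

# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /wp-admin/wpmu-blogs.php?action=blogs&s=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2000:10:02:13 +0000] "GET /wp-admin/wpmu-blogs.php?action=blogs&s=%22%3E%3Cscript%3E HTTP/1.1" 200 5200',
    '192.0.2.44 - - [01/Jan/2000:10:02:40 +0000] "GET /wp-admin/wpmu-blogs.php?ip_address=1%2522%253E HTTP/1.1" 200 5100',
    '192.0.2.10 - - [01/Jan/2000:10:05:00 +0000] "GET /index.php?s=%3Cb%3E HTTP/1.1" 200 900',
]
if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

Legitimate searches that contain quotation marks will also be flagged, so review hits rather than treating each one as an attack.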