Description
Two vulnerabilities have been discovered in the Traffic Analyzer plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed via the "aoid" GET parameter to wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
This vulnerability is confirmed in version 3.3.2. Other versions may also be affected.
2) Input passed via the "ta_aoid" GET parameter to wp-content/plugins/trafficanalyzer/js/ta_live_init.js.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
This vulnerability is confirmed in version 3.4.1. Prior versions may also be affected.
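For sites that ran the plugin, the following added example (not part of the advisory and not the plugin's code) scans web server access logs for requests to the two scripts whose "aoid" or "ta_aoid" value decodes to markup or script metacharacters. The combined log format, the character set treated as suspicious, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path -> GET parameter, as named in the advisory.
WATCHED = {
    "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php": "aoid",
    "/wp-content/plugins/trafficanalyzer/js/ta_live_init.js.php": "ta_aoid",
}
# Assumption: benign values never need characters that can break out of
# an HTML or JavaScript string context.
SUSPICIOUS = re.compile(r"[<>\"'`();\\]")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def flag_requests(lines):
    """Return (line_number, parameter, decoded_value) for suspicious requests."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        for path, param in WATCHED.items():
            # endswith() also covers WordPress installed in a subdirectory.
            if not url.path.endswith(path):
                continue
            # parse_qs percent-decodes each value once.
            values = parse_qs(url.query, keep_blank_values=True).get(param, [])
            for value in values:
                if SUSPICIOUS.search(value):
                    hits.append((number, param, value))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /blog/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/trafficanalyzer/js/ta_live_init.js.php?ta_aoid=%22%3Bx%3D1%2F%2F HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2024:10:00:11 +0000] "GET /index.php?aoid=%3Cb%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, param, value in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {param}={value!r}")
```

A hit shows that a crafted link was requested, not that a user's browser executed the script; treat it as a lead for reviewing the referrer and the affected account's session.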