Description
Two vulnerabilities have been reported in the ClassiPress theme for WordPress, which can be exploited by malicious users to conduct script insertion attacks.
Input passed via the "twitter_id" and "facebook_id" parameters to /classipress/profile/ (when "doing_wp_cron" is set) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
The vulnerabilities are reported in versions 3.0.5.2 and 3.1.4. Other versions may also be affected.
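The pattern behind this class of bug and its fix, as an added illustration that is not ClassiPress code or the vendor's patch: a stored value is written from the request and later echoed without escaping, beside a hardened version that validates the handle on input and escapes at output. The cp_* function names, the meta keys and the handle character set are assumptions.

```php
<?php
// Added example, not ClassiPress code. Field names follow the advisory;
// the cp_* functions, meta keys and handle charset are assumptions.

// Vulnerable pattern: raw request value stored, later echoed unescaped,
// so whatever was submitted is rendered as markup in the profile page.
function cp_save_social_fields_vulnerable( $user_id ) {
    update_user_meta( $user_id, 'twitter_id', $_POST['twitter_id'] );
    update_user_meta( $user_id, 'facebook_id', $_POST['facebook_id'] );
}
function cp_render_twitter_link_vulnerable( $user_id ) {
    $t = get_user_meta( $user_id, 'twitter_id', true );
    echo '<a href="https://twitter.com/' . $t . '">' . $t . '</a>';
}

// Hardened version: authorise the request, validate on input, escape on output.
function cp_clean_handle( $raw ) {
    // Social handles are short alphanumerics with dots/underscores;
    // anything else is rejected rather than "cleaned".
    $value = sanitize_text_field( wp_unslash( $raw ) );
    $value = ltrim( $value, '@' );
    if ( ! preg_match( '/^[A-Za-z0-9_.]{1,50}$/', $value ) ) {
        return '';
    }
    return $value;
}
function cp_save_social_fields( $user_id ) {
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }
    check_admin_referer( 'cp_save_social' ); // CSRF protection via nonce
    foreach ( array( 'twitter_id', 'facebook_id' ) as $field ) {
        $value = isset( $_POST[ $field ] ) ? cp_clean_handle( $_POST[ $field ] ) : '';
        update_user_meta( $user_id, $field, $value );
    }
}
function cp_render_twitter_link( $user_id ) {
    $t = get_user_meta( $user_id, 'twitter_id', true );
    if ( $t !== '' ) {
        // Escape at the point of output regardless of what is stored,
        // so a value that bypassed input validation still cannot inject markup.
        echo '<a href="' . esc_url( 'https://twitter.com/' . $t ) . '">'
           . esc_html( $t ) . '</a>';
    }
}
```

Output escaping is the control that matters for data already stored before a fix is deployed; input validation alone does not clean existing rows.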