Possible XSS-Vulnerabilities

Viewing 2 replies - 1 through 2 (of 2 total)

  • I have worked on resolving issues with a website that was hacked in early Feb 2015. Malicious code was inserted into the Sociable plugin as the file:

    images/option2/.view27.php

    I do not know if there is any connection with the reported vulnerability but it would be good to know that this vulnerability has been addressed. Site is using version 4.3.4.1

    Thanks.

    The vulnerability at https://xforce.iss.net/xforce/xfdb/78782 is a false positive. Although you can inject script tags into the fields, you need to have admin access to the WordPress install to do so. If somebody has admin access you have worse problems, as the user would be able to edit the core WordPress PHP scripts.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Possible XSS-Vulnerabilities’ is closed to new replies.