vendor:
bSuite
by:
Unknown
5.5
CVSS
MEDIUM
HTML-injection
79
CWE
Product Name: bSuite
Affected Version From: 4.0.7
Affected Version To: 4.0.7
Patch Exists: NO
Related CWE:
CPE: a:bsuite_project:bsuite:4.0.7
Platforms Tested: WordPress
2011
bSuite Plugin for WordPress HTML-injection Vulnerabilities
The bSuite plug-in for WordPress is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks may also be possible.
Mitigation:
Update to the latest version of bSuite plug-in for WordPress.