header-logo
Suggest Exploit
vendor:
Cover WP theme
by:
Not specified
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Cover WP theme
Affected Version From: Version prior to 1.6.6
Affected Version To: Not specified
Patch Exists: YES
Related CWE: Not specified
CPE: a:wordpress:cover_wp_theme
Metasploit:
Other Scripts:
Platforms Tested:
Not specified

Cross-Site Scripting in Cover WP theme for WordPress

The Cover WP theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Upgrade to Cover WP theme version 1.6.6 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49873/info

The Cover WP theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Versions prior to Cover WP theme 1.6.6 are vulnerable. 

http://www.example.com/?s=[XSS]

Navigation

Suggest Exploit

Services By CQR