Live Wire for Wordpress Multiple Vulnerabilities

vendor:

Live Wire for Wordpress

by:

N/A

CVSS

HIGH

Multiple vulnerabilities including denial-of-service, cross-site scripting, and information disclosure

CWE

Product Name: Live Wire for Wordpress

Affected Version From: 2.3.2001

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Live Wire for WordPress Multiple Vulnerabilities

The vulnerabilities in Live Wire for Wordpress allow an attacker to launch denial-of-service attacks, execute arbitrary script code, gain access to sensitive information, and steal authentication credentials. The attacker can exploit these vulnerabilities by sending malicious requests to the affected URLs.

Mitigation:

Update to the latest version of Live Wire for Wordpress. Implement web application firewalls and input validation to mitigate the risk of cross-site scripting attacks. Regularly monitor and audit web server logs to detect and prevent denial-of-service attacks. Use secure authentication mechanisms to protect sensitive information.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47299/info

Live Wire for Wordpress is prone to multiple security vulnerabilities. These vulnerabilities include multiple denial-of-service vulnerabilities, a cross-site scripting vulnerability, and an information-disclosure vulnerability.

Exploiting these issues could allow an attacker to deny service to legitimate users, gain access to sensitive information, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible.

Live Wire for Wordpress 2.3.1 is vulnerable; other versions may also be affected. 

http://www.example.com/wp-content/themes/livewire-edition/thumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg

http://www.example.com/wp-content/themes/livewire-edition/thumb.php?src=jpg

http://www.example.com/wp-content/themes/livewire-edition/thumb.php?src=http://site/big_file&h=1&w=1