vendor:
RokMicroNews Plugin for WordPress
by:
SecurityFocus
8,8
CVSS
HIGH
Information Disclosure, Cross-Site Scripting, Arbitrary File Upload, Denial-of-Service
200, 79, 264, 400
CWE
Product Name: RokMicroNews Plugin for WordPress
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013
RokMicroNews Plugin for WordPress Multiple Vulnerabilities
The RokMicroNews plugin for WordPress is prone to multiple security vulnerabilities, including an information-disclosure vulnerability, a cross-site scripting vulnerability, an arbitrary file-upload vulnerability, and a denial-of-service vulnerability. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Users should upgrade to the latest version of the RokMicroNews plugin for WordPress. Additionally, users should ensure that all applications are kept up-to-date, as patches are frequently released to address security vulnerabilities.
