vendor:
RokNewsPager
by:
SecurityFocus
8,8
CVSS
HIGH
Information Disclosure, Cross-Site Scripting, Arbitrary File Upload, Denial-of-Service
200, 79, 264, 400
CWE
Product Name: RokNewsPager
Affected Version From: 1.0
Affected Version To: 1.2.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:rockettheme:roknewspager:1.2.2
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: WordPress
2013
RokNewsPager plugin for WordPress Multiple Vulnerabilities
The RokNewsPager plugin for WordPress is prone to multiple security vulnerabilities, including an information-disclosure vulnerability, a cross-site scripting vulnerability, an arbitrary file-upload vulnerability, and a denial-of-service vulnerability. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Users should upgrade to the latest version of the RokNewsPager plugin for WordPress. Additionally, users should ensure that all web applications are kept up-to-date and that appropriate security measures are taken to mitigate the risk of attack.
