vendor:
RokStories Plugin
by:
SecurityFocus
7,5
CVSS
HIGH
Arbitrary File-Upload, Cross-Site Scripting, Information-Disclosure, Denial-of-Service
79, 352, 200, 400
CWE
Product Name: RokStories Plugin
Affected Version From: 1.25
Affected Version To: 1.25
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013
RokStories Plugin for WordPress Multiple Vulnerabilities
The RokStories plugin for WordPress is prone to multiple security vulnerabilities, including an arbitrary file-upload vulnerability, a cross-site scripting vulnerability, an information-disclosure vulnerability, and a denial-of-service vulnerability. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Users should upgrade to the latest version of the RokStories plugin for WordPress. Additionally, users should ensure that all web applications are kept up-to-date and that appropriate security measures are taken to mitigate the risk of attack.
