vendor:
AdSense Plugin
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-Site Scripting and Cross-Site Request-Forgery
79,352
CWE
Product Name: AdSense Plugin
Affected Version From: 1.2 and prior
Affected Version To: 1.2 and prior
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014
WhyDoWork AdSense Plugin Cross-Site Scripting and Cross-Site Request-Forgery Vulnerabilities
WhyDoWork AdSense plugin for WordPress is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or perform unauthorized actions. Other attacks may also be possible.
Mitigation:
Ensure that all user-supplied input is validated and filtered before being used in the application. Additionally, ensure that the application is running with the least privileges necessary.
