漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. User Login History easily tracks user login with the multiple attributes.
Multiple cross-site scripting (XSS) vulnerabilities in the allow remote attackers to inject arbitrary web script or HTML via the date_from, date_to, user_id, username, country_name, browser, operating_system, or ip_address parameter to the admin/partials/listing/listing.php source file.
Affected Versions:
User Login History versions prior to 1.6
QID Detection Logic:
This unauthenticated detection depends on the BlindElephant engine to detect the version of the User Login History plugin in any WordPress installation as active attacks could potentially harm live installations.
漏洞危害
Successful exploitation allows a remote attacker to conduct XSS attacks against a targeted machine.
解决方案
Customers are advised to upgrade User Login History 1.6 or later WordPress plugin versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论