CVE-2008-0203

Name of the Vulnerable Software and Affected Versions Cryptographp plugin for WordPress versions 1.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters in the cryptographp/admin.php file. The vulnerable parameters include cryptwidth, cryptheight, bgimg, charR, charG, charB, charclear, tfont, charel, charelc, charelv, charnbmin, charnbmax, charspace, charsizemin, charsizemax, charanglemax, noisepxmin, noisepxmax, noiselinemin, noiselinemax, nbcirclemin, nbcirclemax, or brushsize to the "wp-admin/options-general.php" endpoint.

Recommendations For Cryptographp plugin for WordPress versions 1.2 and earlier, update to a version later than 1.2 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters in the cryptographp/admin.php file until a patch is available. Avoid using the vulnerable parameters in the affected API endpoint until the issue is resolved.