CVE-2008-0204

Name of the Vulnerable Software and Affected Versions Math Comment Spam Protection plugin for WordPress version 2.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the mcsp opt msg no answer or mcsp opt msg wrong answer parameters to the "wp-admin/options-general.php" API endpoint.

Recommendations For Math Comment Spam Protection plugin for WordPress version 2.1 and earlier, consider disabling the mcsp opt msg no answer and mcsp opt msg wrong answer parameters in the "wp-admin/options-general.php" endpoint until a patch is available. Restrict access to the wp-admin/options-general.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.