CVE-2011-5257

Name of the Vulnerable Software and Affected Versions Classipress theme versions prior to 3.1.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via the twitter id parameter related to the Twitter widget and the facebook id parameter related to the Facebook widget. This can be exploited to conduct cross-site scripting (XSS) attacks.

Recommendations For Classipress theme versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Twitter and Facebook widgets until the update is applied. Avoid using the twitter id and facebook id parameters in the affected widgets until the issue is resolved.