PT-2014-3243 · WordPress · Ad-Minister Plugin
Htbridge
·
Published
2014-01-02
·
Updated
2018-10-09
·
CVE-2013-6993
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Ad-minister plugin versions 0.6 and earlier for WordPress
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the
key parameter in a delete action to "wp-admin/tools.php". This is a cross-site scripting (XSS) issue.Recommendations
For Ad-minister plugin versions 0.6 and earlier, update to a version later than 0.6 to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ad-Minister Plugin