Name: Marekkis Watermark-Plugin
Type: XSS
Status: A new version of Marekkis Watermark-Plugin has been released
Description:
Input passed to the "pfad" parameter in wp-admin/options-general.php (when "page" is set to "marekkis-watermark/wm_dir.php") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Exploit version: 0.9.2
Release Date: 19-04-2013
Plugin Information
- Downloaded: 4253 Times
- Current Version: 0.9.4
- Tested up to: 3.5.1
Security Information
- Secunia ID: 52227
- Credit: Aditya Balapure
- Plugin statistics provided by WordPress.org. Updated within the last day or so.
- ¹ Status info requires plugin authors to fill in versioning info on the WordPress.org repository
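The request pattern in the Description can be hunted for in web server logs. The following is an added example, not code from the plugin or from this advisory: it flags requests to the affected page whose "pfad" value decodes to HTML metacharacters. The combined log format, the sample entries and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint, page value and parameter name come from the advisory text.
ADMIN_PATH = "/wp-admin/options-general.php"
PLUGIN_PAGE = "marekkis-watermark/wm_dir.php"
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; addresses are from a documentation range.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/options-general.php'
    '?page=marekkis-watermark/wm_dir.php&pfad=wp-content/uploads HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /wp-admin/options-general.php'
    '?page=marekkis-watermark/wm_dir.php&pfad=%22%3E%3Cb%3Etest HTTP/1.1" 200 5188',
    '203.0.113.9 - - [01/Jan/2024:10:03:40 +0000] "GET /blog/wp-admin/options-general.php'
    '?page=marekkis-watermark%2Fwm_dir.php&pfad=%3Ci%3E HTTP/1.1" 200 5131',
    '203.0.113.7 - - [01/Jan/2024:10:05:02 +0000] "GET /wp-admin/options-general.php'
    '?page=other-plugin/settings.php&pfad=%3Ci%3E HTTP/1.1" 200 4012',
]

def suspicious_pfad(log_line):
    """Return the decoded pfad value if the request targets the plugin page
    and pfad contains HTML metacharacters; otherwise return None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith(ADMIN_PATH):  # also matches sub-directory installs
        return None
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if PLUGIN_PAGE not in query.get("page", []):
        return None
    for value in query.get("pfad", []):
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_pfad) for every flagged entry."""
    hits = ((n, suspicious_pfad(line)) for n, line in enumerate(lines, start=1))
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: pfad={value!r}")
```

A hit only means markup reached the parameter; whether it was reflected unescaped depends on the installed plugin version.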

