Name: Pretty Link Lite
Type: XSS
Status: A new version of Pretty Link Lite has been released •
Description:
Input passed via the "get-file" GET parameter to wp-content/plugins/pretty-link/includes/version-2 -kvasir/open-flash-chart.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's web browser session in the context of an affected site.
Type: XSS
Exploit version: 1.6.2
Release Date: 21-02-2013 Status: A new version of Pretty Link Lite has been released •
Description:
Input passed via the "get-file" GET parameter to wp-content/plugins/pretty-link/includes/version-2 -kvasir/open-flash-chart.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's web browser session in the context of an affected site.
Plugin Information
- Downloaded: 675215 Times
- Current Version: 1.6.4
- Author: Profile
- Tested up to: 3.5.1
- Download Plugin
Security Information
- Secunia ID: 52246
- Credit: hip
- Plugin statistics provided by WordPress.org. Updated within the last day or so.
- ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository
