WordPress Plugin “My WP Customize Admin/Frontend” vulnerable to cross-site scripting

Overview

WordPress Plugin “My WP Customize Admin/Frontend” contains a cross-site scripting vulnerability.

Description

WordPress Plugin “My WP Customize Admin/Frontend” provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).

Impact

If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.

Solution

Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following version that addresses this vulnerability.

  • My WP Customize Admin/Frontend ver 1.24.1

Credit

The developer reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and the developer coordinated to publish this advisory.

نوشته های مشابه

Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection

Multiple vulnerabilities in FXC AE1021 and AE1021PE

Multiple vulnerabilities in SHARP routers

“Shonen Jump+” App for Android fails to restrict custom URL schemes properly