Signature Detail
Short Name |
HTTP:XSS:WP-AJAX-CATEGORY |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
WordPress Ajax Category Dropdown Plugin Cross Site Scripting |
Release Date |
2011/04/25 |
Update Number |
1909 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: WordPress Ajax Category Dropdown Plugin Cross Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability in the WordPress Ajax Category Dropdown Plugin. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Ajax Category Dropdown plugin is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Ajax Category Dropdown 0.1.5 is vulnerable; other versions may also be affected.
Affected Products
- Dyasonhat Ajax Category Dropdown 0.1.5
References
- BugTraq: 47529
- URL: http://www.wordpress.org