Signature Detail
Short Name |
HTTP:XSS:WP-GAZETTE-THEME |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
WordPress Theme Plugin src Parameter Cross Site Scripting |
Release Date |
2011/04/15 |
Update Number |
1903 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Gazette WordPress Theme Plugin src Parameter Cross Site Scripting
This signature detects attempts to exploit a cross-site scripting vulnerability in the WordPress Gazette Edition theme plugin. It is due to insufficient validation of user-supplied input submitted to the src parameter of the thumb.php script. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
The Gazette Edition for Wordpress is prone to multiple security vulnerabilities. These vulnerabilities include multiple denial-of-service vulnerabilities, a cross-site scripting vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, gain access to sensitive information, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Gazette Edition for Wordpress 2.9.4 and prior versions are vulnerable.
Affected Products
- WordPress The Gazette Edition 2.9.4
References
- BugTraq: 47320
- URL: http://www.premiumnewstheme.com/gazette-edition-theme/