Signature Detail
Short Name |
HTTP:XSS:WP-LIVE-WIRE-THEME |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Live Wire WordPress Theme Plugin src Parameter Cross Site Scripting |
Release Date |
2011/04/20 |
Update Number |
1905 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Live Wire WordPress Theme Plugin src Parameter Cross Site Scripting
This signature detects attempts to exploit a cross-site scripting vulnerability in the WordPress Live Wire theme plugin. It is due to insufficient validation of user-supplied input submitted to the src parameter of the thumb.php script. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Live Wire for Wordpress is prone to multiple security vulnerabilities. These vulnerabilities include multiple denial-of-service vulnerabilities, a cross-site scripting vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, gain access to sensitive information, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Live Wire for Wordpress 2.3.1 is vulnerable; other versions may also be affected.
Affected Products
- WordPress Live Wire 2.3.1
References