Cross-Site Scripting Vulnerability in Zingiri Web Shop Plugin for WordPress
CVE-2012-6506

Currently unrated

Key Information:

Vendor: Wordpress
Status: Zingiri Web Shop
Vendor: CVE Published:; 24 January 2013

Summary

The Zingiri Web Shop plugin for WordPress, specifically version 2.4.0, contains multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML into the application through unvalidated input parameters, specifically the 'page' parameter in zing.inc.php and the 'notes' parameter in fws/pages-front/onecheckout.php. This flaw can compromise the integrity and security of websites using the affected plugin, allowing attackers to execute malicious scripts in the context of users’ browsers.

References

http://www.osvdb.org/81493

vdb-entryx_refsource_OSVDB

http://plugins.trac.wordpress.org/changeset?reponame=&old...

x_refsource_CONFIRM

http://wordpress.org/extend/plugins/zingiri-web-shop/chan...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 24, 2013
Vulnerability Reserved
Jan 23, 2013