Cross-Site Scripting Vulnerability in SoundCloud Is Gold Plugin for WordPress
CVE-2012-6624

Currently unrated

Key Information:

Vendor: Wordpress
Status: Soundcloud Is Gold
Vendor: CVE Published:; 16 January 2014

Summary

The SoundCloud Is Gold plugin version 2.1 for WordPress contains a cross-site scripting (XSS) vulnerability. Attackers can exploit this flaw by injecting malicious web scripts or HTML through the 'width' parameter during a request to the wp-admin/admin-ajax.php endpoint. This can lead to unauthorized data access or compromise of user sessions, making it crucial for users of the affected plugin to take remedial actions.

References

http://packetstormsecurity.org/files/112689/WordPress-Sou...

x_refsource_MISC

http://www.securityfocus.com/bid/53537

vdb-entryx_refsource_BID

http://secunia.com/advisories/49188

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 16, 2014
Vulnerability Reserved
Jan 16, 2014