Cross-Site Scripting Vulnerabilities in Mingle Forum Plugin for WordPress
CVE-2013-0734
Currently unrated
Summary
The Mingle Forum plugin for WordPress is susceptible to multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML code. These vulnerabilities can be exploited through the 'search_words' parameter in a search action directed at wpf.class.php, and the 'togroupusers' parameter during an 'add_user_togroup' action in fs-admin/fs-admin.php.
References
Timeline
Vulnerability published
Vulnerability Reserved