Cross-Site Scripting Vulnerability in WP Symposium Plugin
CVE-2013-2695

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Symposium
Vendor: CVE Published:; 28 March 2014

Summary

A cross-site scripting vulnerability in the invite.php file of the WP Symposium plugin prior to version 13.04 allows remote attackers to inject arbitrary web scripts or HTML. Exploiting this vulnerability can lead to unauthorized actions being performed by users, including but not limited to data theft or session hijacking. Proper validation of user input is crucial to mitigate such risks.

References

http://osvdb.org/92275

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/52864

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 28, 2014
Vulnerability Reserved
Mar 26, 2013