Cross-site scripting vulnerability in Recommend to a Friend plugin for WordPress
CVE-2013-7276

Currently unrated

Key Information:

Vendor: Wordpress
Status: Recommend To A Friend
Vendor: CVE Published:; 8 January 2014

Summary

The Recommend to a Friend plugin version 2.0.2 for WordPress is susceptible to Cross-site Scripting (XSS) attacks. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through the 'current_url' parameter, which can result in unauthorized actions on behalf of users and potential data theft. Ensuring proper validation and sanitization of user inputs is essential to mitigate such risks. Website administrators are urged to enhance security measures and consider updating or removing affected versions.

References

http://packetstormsecurity.com/files/124587/WordPress-Rec...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/89989

vdb-entryx_refsource_XF

http://secunia.com/advisories/56209

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 8, 2014
Vulnerability Reserved
Jan 8, 2014