Reflected XSS Vulnerability in Raygun4WP Plugin by Mindscape
CVE-2017-9288
6.1 MEDIUM
What is CVE-2017-9288?
The Raygun4WP plugin version 1.8.0 for WordPress contains a reflected XSS vulnerability within the sendtesterror.php file, specifically in the backurl parameter. This vulnerability can be exploited by attackers to inject malicious scripts into the web page, potentially compromising the security of the site and its users. Unauthenticated users can leverage this flaw to execute scripts in the context of the affected site, leading to unauthorized access and data theft. Website administrators should ensure that they are using the latest version of the plugin and implement proper input validation and sanitization to mitigate the risk.
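The validation and sanitization recommended above, sketched as an added example in plain PHP. This is not the Raygun4WP source: the function names, the /wp-admin/ default and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not Raygun4WP source code. All function names are hypothetical.

// Vulnerable pattern: the request value reaches the HTML unchanged, so any
// markup it carries is parsed by the browser as part of the page.
function render_back_link_unsafe(string $backurl): string
{
    return '<a href="' . $backurl . '">Back</a>';
}

// Input validation: accept only a same-site relative path; otherwise fall
// back to a fixed default (assumed here to be /wp-admin/).
function safe_back_url(string $backurl, string $default = '/wp-admin/'): string
{
    // Control characters and backslashes have no place in a local path.
    if ($backurl === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $backurl)) {
        return $default;
    }
    // Must start with exactly one "/": rejects schemes such as javascript:
    // and protocol-relative URLs such as //host/path.
    if ($backurl[0] !== '/' || substr($backurl, 0, 2) === '//') {
        return $default;
    }
    $parts = parse_url($backurl);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $backurl;
}

// Output encoding: escape for the HTML attribute context at the point of use.
function render_back_link(string $backurl): string
{
    $href = htmlspecialchars(safe_back_url($backurl), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $href . '">Back</a>';
}

// Constructed sample values for the backurl parameter.
$samples = [
    '/wp-admin/admin.php?page=settings&tab=1', // legitimate local path
    '"><script>alert(1)</script>',             // markup breaking out of the attribute
    'javascript:alert(1)',                     // script-scheme URL
    '//other.example/path',                    // protocol-relative, off-site
];
foreach ($samples as $s) {
    echo render_back_link($s), PHP_EOL;
}
```

Inside WordPress, the core helpers wp_validate_redirect() and esc_url() fill the same two roles. Validation and output escaping are applied together because a value that passes the path check can still contain characters that need encoding in an HTML attribute.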