Universal Analytics <= 1.3.0 - Authenticated Cross-Site Scripting (XSS)

Sign up to our free email alerts service for instant vulnerability notifications!

Description
"A subscriber could update the plugins settings via the URL or AJAX. The settings were not sanitized before saving to the database and not escaped before outputted on the front end."

Affects

Plugin universal-analytics
fixed in version 1.3.1

References

URL https://wordpress.org/plugins/universal-analytics/changelog/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Ulrich
Submitter Twitter grapplerulrich
Views 71
Verified No
WPVDB ID 8381

Timeline

Publicly Published 2016-02-04 (10 months ago)
Added 2016-02-06 (10 months ago)
Last Updated 2016-02-06 (10 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.