Universal Analytics <= 1.3.0 - Authenticated Cross-Site Scripting (XSS)



Description
"A subscriber could update the plugins settings via the URL or AJAX. The settings were not sanitized before saving to the database and not escaped before outputted on the front end."

Affects Plugin

fixed in version 1.3.1

References

CVE 2016-10912
URL https://wordpress.org/plugins/universal-analytics/changelog/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Ulrich
Submitter Twitter grapplerulrich
Views 4564
Verified No
WPVDB ID 8381

Timeline

Publicly Published 2016-02-04 (over 3 years ago)
Added 2016-02-06 (over 3 years ago)
Last Updated 2019-08-22 (28 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin