Vulnerability Description
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Feedweb | Feedweb | <= 1.8.8 |
| WordPress | WordPress | - |
Related Weaknesses (CWE)
References
- http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb&old=689612&new_p (Exploit, Patch)
- http://secunia.com/advisories/52855 (Vendor Advisory)
- http://wordpress.org/extend/plugins/feedweb/changelog/
- http://www.darksecurity.de/advisories/2013/SSCHADV2013-004.txt (Exploit)
FAQ
What is CVE-2013-3720?
CVE-2013-3720 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the w...
How severe is CVE-2013-3720?
CVE-2013-3720 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-3720?
Check the references section above for vendor advisories and patch information. Affected products include: Feedweb Feedweb, WordPress WordPress.