Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Genetechsolutions | Pie-Register | <= 1.30 |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/95160
- http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register& (Exploit, Patch)
- http://secunia.com/advisories/54123 (Vendor Advisory)
- http://wordpress.org/plugins/pie-register/changelog/
- http://wordpress.org/support/topic/security-issue-web-application-cross-site-scr
- http://www.securityfocus.com/bid/61140 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85604
FAQ
What is CVE-2013-4954?
CVE-2013-4954 is a vulnerability with a CVSS score of 2.6 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is...
How severe is CVE-2013-4954?
CVE-2013-4954 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4954?
Check the references section above for vendor advisories and patch information. Affected products include: Genetechsolutions Pie-Register, Wordpress Wordpress.