4.3
CVE-2010-4402
- EPSS 2.14%
- Veröffentlicht 06.12.2010 13:37:32
- Zuletzt bearbeitet 16.06.2026 23:24:43
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginRegister Plus <= 3.5.11 - Stored Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.
Mögliche Gegenmaßnahme
Register Plus: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Devbits ≫ Register-plus Version <= 3.5.1
Devbits ≫ Register-plus Version1.1
Devbits ≫ Register-plus Version1.2
Devbits ≫ Register-plus Version2.0
Devbits ≫ Register-plus Version2.1
Devbits ≫ Register-plus Version2.2
Devbits ≫ Register-plus Version2.3
Devbits ≫ Register-plus Version2.4
Devbits ≫ Register-plus Version2.5
Devbits ≫ Register-plus Version2.6
Devbits ≫ Register-plus Version2.7
Devbits ≫ Register-plus Version2.8
Devbits ≫ Register-plus Version2.9
Devbits ≫ Register-plus Version3.0
Devbits ≫ Register-plus Version3.0.1
Devbits ≫ Register-plus Version3.0.2
Devbits ≫ Register-plus Version3.1
Devbits ≫ Register-plus Version3.2
Devbits ≫ Register-plus Version3.3
Devbits ≫ Register-plus Version3.4
Devbits ≫ Register-plus Version3.4.1
Devbits ≫ Register-plus Version3.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Register Plus
Version
*-3.5.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.14% | 0.797 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://osvdb.org/69491
http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt
http://secunia.com/advisories/42360
http://websecurity.com.ua/4539
http://www.securityfocus.com/archive/1/514903/100/0/threaded
http://www.securityfocus.com/bid/45057
https://www.wordfence.com/threat-intel/vulnerabilities/id/11043029-1b77-4e18-bdd8-fca2eadc6901