Wordpress Game Speed plugin 'timthumb. php' Cross-Site Scripting Vulnerability

Wordpress Game Speed plugin 'timthumb. php' Cross-Site Scripting Vulnerability

Release date:
Updated on:

Affected Systems:
WordPress Game Speed
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69007
 
Wordpress Game Speed is a topic of WordPress. It is applicable to website Game reviews, news, blogs, and others.
 
Wordpress Game Speed has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to execute arbitrary script code in the context of the user's browser of the affected site.
 
<* Source: Ashiyane Digital Security Team
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com/wp-content/themes/gamespeed/includes/timthumb.php? H = 80 & amp; src = [XSS]

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
 
Http://wordpress.org/

This article permanently updates the link address: