Release date:
Updated on:
Affected Systems:
WordPress WP Symposium
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59045
CVE (CAN) ID: CVE-2013-2694
WP Symposium is a WordPress plug-in that adds social networking functions.
WP Symposium 13.04 does not properly filter the value of the "u" GET parameter passed to wp-content/plugins/wp-symposium/invite.php, which is a security vulnerability. A user who clicks a malicious link to the affected script can be spoofed by an attacker.
<* Source: Charlie Eriksen
Link: http://www.securelist.com/en/advisories/52925
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
Currently, the vendor has not provided a patch or upgrade. Users of the software should check the vendor's homepage for the latest version:
http://www.wpsymposium.com/
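
With no vendor patch available, access logs can be checked for requests to invite.php whose "u" parameter points away from the site. The following is an added example, not code from the advisory or the plug-in. It assumes the spoofing relies on "u" carrying a URL on another host (the advisory does not spell this out), common/combined log format, and constructed sample lines with reserved example hosts.

```python
import re
from urllib.parse import urlsplit, parse_qs

INVITE_PATH = "/wp-content/plugins/wp-symposium/invite.php"
# Client address and request target from a common/combined-format log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def is_offsite(value, site_host):
    """True if value names a host other than site_host (assumed misuse case)."""
    # Browsers treat backslashes like slashes and ignore leading whitespace.
    candidate = value.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if not parts.netloc:
        return False  # relative path: stays on this site
    return (parts.hostname or "").lower() != site_host.lower()


def find_suspicious_invite_requests(log_lines, site_host):
    """Return (client_ip, u_value) for invite.php hits whose 'u' is off-site."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(INVITE_PATH):
            continue
        # parse_qs percent-decodes once, so %2F%2Fhost is seen as //host.
        for u in parse_qs(url.query).get("u", []):
            if is_offsite(u, site_host):
                hits.append((client, u))
    return hits


# Constructed sample log lines (not real traffic); hosts use reserved names.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2013:10:00:00 +0000] "GET /wp-content/plugins/wp-symposium/invite.php?u=http%3A%2F%2Flogin.example.net%2F HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/May/2013:10:01:00 +0000] "GET /wp-content/plugins/wp-symposium/invite.php?u=%2Fmembers%2F HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2013:10:02:00 +0000] "GET /wp-content/plugins/wp-symposium/invite.php?u=%2F%2Fexample.org%2Fa HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/May/2013:10:03:00 +0000] "GET /wp-content/plugins/wp-symposium/invite.php?u=http%3A%2F%2Fblog.example.com%2Fhome HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/May/2013:10:04:00 +0000] "GET /index.php?u=http%3A%2F%2Fexample.org%2F HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, u in find_suspicious_invite_requests(SAMPLE_LOG, "blog.example.com"):
        print(client, u)
```

Pass the site's own host name as `site_host`; values that resolve to that host or to a relative path are not reported.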