Release date: 2012-11-02
Updated on:
Affected Systems:
WordPress Spider Catalog Plugin 1.x
Description:
--------------------------------------------------------------------------------
Spider Catalog is a WordPress plug-in for building a product catalog on a website.
Spider Catalog 1.1 and other versions contain a cross-site scripting vulnerability. Input passed via the "full_name" and "message_text" POST parameters to front_end_functions.php is not properly filtered before being used. An attacker can inject arbitrary HTML and script code that is then executed in the user's browser.
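As an added illustration (not the plugin's own code), the pattern the advisory describes, shown as an unescaped handler beside a hardened WordPress-idiomatic one; the function names and form fields are assumptions, and only the parameter and file names come from the advisory. The fallback definitions let the file run with plain php outside WordPress.

```php
<?php
// Added illustration, not the Spider Catalog plugin's code. The handler
// names and the HTML fields are assumptions; the POST parameter names
// (full_name, message_text) and the file name come from the advisory.

// Minimal stand-ins so this file runs with plain `php` outside WordPress.
// Inside WordPress the real esc_html()/esc_attr()/sanitize_text_field() are used.
if (!function_exists('esc_html')) {
    function esc_html($s) { return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
}
if (!function_exists('esc_attr')) {
    function esc_attr($s) { return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($s) { return trim(strip_tags((string)$s)); }
}

// Unescaped pattern (the class of defect the advisory reports): POST values are
// echoed straight back into the page, so any markup in full_name / message_text
// is interpreted by the visitor's browser.
function render_rating_unsafe(array $post): string {
    return '<input name="full_name" value="' . $post['full_name'] . '">'
         . '<p class="message">' . $post['message_text'] . '</p>';
}

// Hardened pattern: normalise on input, then escape for the exact output
// context (attribute value vs. element body) at the point of echo.
function render_rating_safe(array $post): string {
    $name = sanitize_text_field($post['full_name'] ?? '');
    $text = sanitize_text_field($post['message_text'] ?? '');
    return '<input name="full_name" value="' . esc_attr($name) . '">'
         . '<p class="message">' . esc_html($text) . '</p>';
}

// Constructed sample input containing markup and an attribute-breaking quote.
$sample = ['full_name' => '"><b>bold</b>', 'message_text' => '<i>hi</i> & bye'];
echo render_rating_unsafe($sample), "\n";  // markup and quote pass through unchanged
echo render_rating_safe($sample), "\n";    // tags stripped, quote and & encoded as text
```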
<* Source: Daniel Barragan
Link: http://secunia.com/advisories/51143/
http://packetstorm.codar.com.br/1211-exploits/wpcatalog-xss.txt
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
The vendor has not yet released a patch or upgrade. Users of this software are advised to monitor the vendor's homepage for the latest version:
http://downloads.wordpress.org/plugin/catalog.zip