WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Integrator
wp-login.php redirect_to Parameter XSS (1 post)

  1. henrisalo
    Member
    Posted 2 years ago #

    WordPress Integrator Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'redirect_to' parameter upon submission to the wp-login.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

    Could you tell me if this is valid security advisory and when you plan to fix this bug?

    http://www.osvdb.org/show/osvdb/80628
    http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt

    http://wordpress.org/extend/plugins/wp-integrator/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic