WordPress Integrator Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the ‘redirect_to’ parameter upon submission to the wp-login.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server.
Could you tell me if this is valid security advisory and when you plan to fix this bug?
- The topic ‘[Plugin: WordPress Integrator] wp-login.php redirect_to Parameter XSS’ is closed to new replies.