Intrusion PreventionWordPress.WP-Cumulus.Plugin.tagcloud.swf.XSS
Description
This indicates an attack attempt against a Cross Site Scripting vulnerability in the WP-Cumulus plugin for WordPress.
The vulnerability may allow an attacker to execute arbitary script code, because the software fails to properly sanitize user input passed via the "tagcloud" parameter to "tagcloud.swf". This may allow an attacker to steal cookie based authentication credentials and launch other attacks.
Affected Products
WP-Cumulus WP-Cumulus 1.22
WP-Cumulus WP-Cumulus 1.21
WP-Cumulus WP-Cumulus 1.20
WP-Cumulus WP-Cumulus 1.19
WP-Cumulus WP-Cumulus 1.18
WP-Cumulus WP-Cumulus 1.17
WP-Cumulus WP-Cumulus 1.16
WP-Cumulus WP-Cumulus 1.15
WP-Cumulus WP-Cumulus 1.14
WP-Cumulus WP-Cumulus 1.13
WP-Cumulus WP-Cumulus 1.12
WP-Cumulus WP-Cumulus 1.11
WP-Cumulus WP-Cumulus 1.1
WP-Cumulus WP-Cumulus 1.05
WP-Cumulus WP-Cumulus 1.04
WP-Cumulus WP-Cumulus 1.03
WP-Cumulus WP-Cumulus 1.02
WP-Cumulus WP-Cumulus 1.01
WP-Cumulus WP-Cumulus 1.00
BlogEngine.NET Cumulus widget
Impact
Information Spoofing: Remote attackers can spoof data of vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the web site.
http://wordpress.org/extend/plugins/wp-cumulus/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-01-11 | 16.995 |
| ID | 27244 |
| Created | Jul 11, 2011 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2009-4168 |
| Exploit Prediction Score | 16.85% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Other |