CVE-2011-5106 – Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2011-5106

Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. Vulnerabilidad de ejecución de comandos remotos en sitios cruzados (XSS) en edit-post.php en el plugin Flexible Custom Post Type anterior a 0.1.7 para Wordpress que permite a atacantes remotos inyectar código web o HTML arbitrario a través del parámetro id. • https://www.exploit-db.com/exploits/36317 http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog http://www.securityfocus.com/archive/1/520542/100/0/threaded http://www.securityfocus.com/bid/50719 https://exchange.xforce.ibmcloud.com/vulnerabilities/71415 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •