WordPress plugin s2Member Pro vulnerable to XSS attack

February 15, 2012 By

 


Information At A Glance
Summary
WordPress Plugin, s2Memmber Pro -coupon code is vulnerable to Cross Site Scripting Attacks. The vulnerability is related to PayPal® Pro and Authorize.Net® Forms they were vulnerable to an XSS attack. This could be exploited with a Coupon Code containing special characters.
Fix / Corrective Action(s)
Update to version 120213 or the latest version.
Miscellaneous
Refer to the CMS Security Handbook (LINK) for other important tips on security of WordPress.

Disclaimer: Salvus Alerting provides timely industry related information to its subscriber community and visitors for informational purposes only and makes every effort to distribute accurate and reliable information. Any information provided, is considered “as-is” and the subscriber and/or visitor assumes all responsibility for its uses. Salvus Alerting disclaims all warranties with regard to the information being provided, including all implied warranties of merchantability and fitness. In no event shall Salvus Alerting be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other legal action, arising out of or in connection with the use or performance of this information being provided. Salvus Systems and Salvus Alerting is a wholly owned and operated by FactNgN, LLC. – as of 02/15/2012
Filed Under: CMS, Latest SalvusAlerts, WordPress Tagged With: , ,