security vulnerabilities
My host has provided this warning about this plugin:
Kento Post View Counter <= 2.8 – CSRF and multiple XSS
The combination of CSRF and XSS in this plugin can lead to huge damage to the website, as the two fields kento_pvc_today_text and kento_pvc_total_text are reflected to all authenticated users as well as non-authenticated users. All the posts have a footer which shows these two parameters reflected in them, so if an attacker successfully attacks a website, almost all the pages on that website will execute the malicious JavaScript payload in all the clients' browsers visiting that website. Every user visiting the website will be affected.