Description
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Affected products
- adazing / morning_coffee3.5
- adazing / morning_coffee2.7 – 2.7
- adazing / morning_coffee2.8 – 2.8
- adazing / morning_coffee2.9 – 2.9
- adazing / morning_coffee3.0 – 3.0
- adazing / morning_coffee3.1 – 3.1
- adazing / morning_coffee3.2 – 3.2
- adazing / morning_coffee3.4 – 3.4
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/46295
- VENDOR_ADVISORYhttps://sitewat.ch/en/Advisories/20