October 1, 2016

Multiple XSS vulnerabilities in WordPress Register Plus plugin

The WordPress Register Plus plugin, which enhances the WordPress registration page by adding a custom logo, invitation codes, disclaimers, CAPTCHA validation, email validation and user moderation, has multiple cross-site scripting (XSS) vulnerabilities.

According to Securityfocus.com, an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

These cross-site scripting vulnerabilities have been classified as input validation errors, caused by Register Plus failing to properly sanitize user-supplied input.
Register Plus 3.5.1 is vulnerable; other versions may also be affected.

Related Article:

http://websecurity.com.ua/4539 (Russian)