wp-plugin : style-it – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : style-it


Effected Version : 1.0 (and most probably lower version's if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Prajal Kulkarni



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :




Disclosure Timeline


Vendor Contacted : 2014-01-22

Plugin Status : Closed on 2014-01-11
Public Disclosure : April 25, 2014
CVE Number : CVE-2014-4555

Plugin Description :
This plugin enables you to manage background and fonts of almost every item in your wordpress blog. This plugin by default supports google fonts and cufon js fonts.

Style It also features a powerful editor where you can change various settings like background-image, background-url, color, etc.

This plugin is very easy to optimize for any blog.

 [Style It Homepage](http://www.unizoe.com/products/style-it-wp/ "Plugin homepage")

Leave a Reply

Your email address will not be published. Required fields are marked *