Test ID:	1.3.6.1.4.1.25623.1.0.804717
Category:	Web application abuses
Title:	WordPress Social Login 'xhrurl' Parameter XSS Vulnerability
Summary:	WordPress Social Login Plugin is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: WordPress Social Login Plugin is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Input passed via the 'xhrurl' HTTP GET parameter to diagnostics.php script is not properly sanitised before returning to the user. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: WordPress Social Login Plugin version 2.0.3, Other version may also be affected. Solution: Update to version 2.1.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4576 http://codevigilant.com/disclosure/wp-plugin-wordpress-social-login-a3-cross-site-scripting-xss
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.