CVE-2019-14470: XSS
First published: Wed Sep 04 2019(Updated: )
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Instagram-php-api | ||
| User Pro | <=4.9.32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-14470.
What is the affected software?
The affected software is UserPro plugin through version 4.9.32 for WordPress and the cosenary Instagram-PHP-API (aka Instagram PHP API V2).
What is the severity of CVE-2019-14470?
The severity of CVE-2019-14470 is medium with a CVSS score of 6.1.
How does CVE-2019-14470 manifest?
CVE-2019-14470 manifests as a cross-site scripting (XSS) vulnerability in the example/success.php error_description parameter of the cosenary Instagram-PHP-API.
Are there any references for further information?
Yes, you can refer to the following links: [Packet Storm Security](http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html), [GitHub Commit History for Instagram-PHP-API](https://github.com/cosenary/Instagram-PHP-API/commits/master), and [WPScan Vulnerability Database](https://wpvulndb.com/vulnerabilities/9815).
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/instagram-php-api project
- canonical/instagram-php-api
- vendor/userproplugin
- canonical/user pro
- version/user pro/4.9.32