Vulnerable Systems:
* WordPress Answer My Question plugin for WordPress 1.1
Answer My Question plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the record_question.php script. A remote attacker could exploit this vulnerability using the user_name and subject fields to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
XSS location
The problem is located in the file record_my_question.php, in which user input is not sanitized.
This plugin displays a form with many fields to fill in. Two of them are vulnerable to persistent cross-site scripting.
The vulnerable fields are:
* name
* subject
Via a POST request, malicious code can be submitted in these fields in order to steal cookies, access sensitive information, or deface the web application for every user who visits the poisoned profile.
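The pattern behind this finding and its fix, as an added example that is not the plugin's own code: it assumes the field names from the advisory, the function names are hypothetical, and simplified stand-ins for WordPress's sanitize_text_field() and esc_html() are defined so the script runs outside WordPress.

```php
<?php
// Added example (not the plugin's code): vulnerable vs. hardened handling of
// the 'name' and 'subject' POST fields from record_my_question.php.

// Stand-ins so the script runs outside WordPress. Inside WordPress, remove
// these and rely on the real sanitize_text_field() and esc_html().
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $s): string {
        $s = strip_tags($s);                          // drop HTML tags
        $s = preg_replace('/[\r\n\t ]+/', ' ', $s);   // collapse whitespace
        return trim($s);
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable pattern: the submitted value is stored and later echoed
// verbatim, so a tag sent in 'name' or 'subject' is rendered for every
// visitor of the page (persistent XSS).
function render_question_vulnerable(array $post): string {
    return '<p>' . $post['name'] . ': ' . $post['subject'] . '</p>';
}

// Hardened pattern: sanitize on input (what gets stored) AND escape on
// output (what gets rendered). Output escaping must never be skipped,
// because stored data may have entered through another path.
function store_question(array $post): array {
    return [
        'name'    => sanitize_text_field($post['name'] ?? ''),
        'subject' => sanitize_text_field($post['subject'] ?? ''),
    ];
}
function render_question(array $row): string {
    return '<p>' . esc_html($row['name']) . ': '
         . esc_html($row['subject']) . '</p>';
}

// Constructed sample submission with a tag in both fields.
$post = ['name' => '<script>x()</script>Bob', 'subject' => 'Hi <b>"there"</b>'];
echo render_question_vulnerable($post), "\n";      // tags survive intact
echo render_question(store_question($post)), "\n"; // tags stripped, quotes escaped
```

The stand-in functions are deliberately simpler than WordPress's own; in a real plugin use the WordPress versions, and apply esc_html() at every point where the stored values are printed.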