Cross-Site Scripting Vulnerability in JS Multi Hotel Plugin for WordPress
CVE-2014-100008

Currently unrated

Key Information:

Vendor: Wordpress
Status: Js Multi Hotel
Vendor: CVE Published:; 13 January 2015

What is CVE-2014-100008?

A Cross-Site Scripting (XSS) vulnerability exists in the JS Multi Hotel plugin for WordPress, specifically in the 'includes/delete_img.php' file. This vulnerability allows remote attackers to execute arbitrary scripts and inject malicious HTML via the 'path' parameter. Successful exploitation could lead to unauthorized actions on behalf of users, compromising the integrity of web applications and the data they handle.

References

http://packetstormsecurity.com/files/125959

x_refsource_MISC

http://websecurity.com.ua/7087/

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/92207

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015

Wordpress

What is CVE-2014-100008?

References

Timeline