Cross-Site Scripting Vulnerability in Photocrati Theme for WordPress
CVE-2014-100016

Currently unrated

Key Information:

Vendor: Wordpress
Status: Photocrati
Vendor: CVE Published:; 13 January 2015

Summary

The Photocrati theme for WordPress contains a vulnerability that allows remote attackers to execute arbitrary web scripts or inject HTML code via the prod_id parameter in the ecomm-sizes.php file. This flaw can lead to unauthorized actions and potentially compromise the security of affected websites. Proper input validation and sanitization measures are vital to mitigate such risks and enhance overall security.

References

http://secunia.com/advisories/56690

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/102717

vdb-entryx_refsource_OSVDB

http://packetstormsecurity.com/files/124986/WordPress-Pho...

x_refsource_MISC

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015