Cross-Site Scripting Vulnerability in Another WordPress Classifieds Plugin by WordPress
CVE-2014-10012

Currently unrated

Key Information:

Vendor: Wordpress
Status: Another WordPress Classifieds Plugin
Vendor: CVE Published:; 13 January 2015

What is CVE-2014-10012?

The Another WordPress Classifieds Plugin contains a cross-site scripting (XSS) vulnerability that can be exploited by remote attackers. By manipulating the query string in a URL directed at the plugin's default URI, attackers can inject arbitrary web scripts or HTML. This may result in unauthorized access to sensitive information or interaction with the user at the client's end, making it critical for users to implement the latest security measures to mitigate this risk.

References

http://packetstormsecurity.com/files/129035/Another-WordP...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/98588

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015

Wordpress

What is CVE-2014-10012?

References

Timeline