CVE-2014-1888

Currently unrated

Key Information:

Vendor: Wordpress
Status: Buddypress
Vendor: CVE Published:; 1 March 2014

Summary

Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.

References

http://www.securityfocus.com/bid/65555

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/91175

vdb-entryx_refsource_XF

http://secunia.com/advisories/56950

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 1, 2014
Vulnerability Reserved
Feb 7, 2014