Cross-site Scripting Vulnerability in Simple Popup Images Plugin for WordPress
CVE-2014-3921

Currently unrated

Key Information:

Vendor

Wordpress
Status
Simple Popup
Vendor
CVE Published:
30 May 2014

What is CVE-2014-3921?

The Simple Popup Images plugin for WordPress suffers from a cross-site scripting vulnerability that allows attackers to inject arbitrary web scripts or HTML. This exploitation occurs via the 'z' parameter in popup.php, potentially leading to unauthorized actions or data exposure on affected sites.

References

http://packetstormsecurity.com/files/126763/WordPress-Sim...
x_refsource_MISC
http://www.securityfocus.com/bid/67562
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.