Cross-Site Scripting Vulnerability in WP Easy Post Types Plugin by WordPress
CVE-2014-4524

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Easy Post Types
Vendor: CVE Published:; 2 July 2014

What is CVE-2014-4524?

A Cross-Site Scripting (XSS) vulnerability exists in the WP Easy Post Types plugin for WordPress, specifically in the classes/custom-image/media.php file. This flaw allows remote attackers to inject and execute arbitrary web scripts or HTML through the 'ref' parameter. Exploitation of this vulnerability can lead to unauthorized access, data theft, and impact the site's integrity. Users are advised to upgrade to the latest version 1.4.4 or higher to mitigate this risk.

References

http://wordpress.org/plugins/easy-post-types/changelog

x_refsource_CONFIRM

http://codevigilant.com/disclosure/wp-plugin-easy-post-ty...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014

Wordpress

What is CVE-2014-4524?

References

Timeline