Cross-Site Scripting Vulnerability in Rezgo Plugin for WordPress
CVE-2014-4546

Currently unrated

Key Information:

Vendor
Wordpress
Status
Vendor
CVE Published:
2 July 2014

Summary

The Rezgo plugin for WordPress suffers from a Cross-Site Scripting (XSS) vulnerability in its book_ajax.php file. This flaw allows remote attackers to exploit the response parameter, potentially injecting arbitrary web scripts or HTML. As a result, users visiting a compromised page could unknowingly execute malicious scripts, which could lead to session hijacking, data theft, or other types of exploitation.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.