Cross-Site Scripting Vulnerability in Rezgo Plugin for WordPress
CVE-2014-4546

Currently unrated

Key Information:

Vendor: Wordpress
Status: Rezgo
Vendor: CVE Published:; 2 July 2014

Summary

The Rezgo plugin for WordPress suffers from a Cross-Site Scripting (XSS) vulnerability in its book_ajax.php file. This flaw allows remote attackers to exploit the response parameter, potentially injecting arbitrary web scripts or HTML. As a result, users visiting a compromised page could unknowingly execute malicious scripts, which could lead to session hijacking, data theft, or other types of exploitation.

References

http://codevigilant.com/disclosure/wp-plugin-rezgo-a3-cro...

x_refsource_MISC

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014