Cross-Site Scripting Vulnerability in Swipe Checkout for eShop Plugin by WordPress
CVE-2014-4556

Currently unrated

Key Information:

Vendor: Wordpress
Status: Swipe Checkout For Eshop
Vendor: CVE Published:; 1 July 2014

Summary

The Swipe Checkout for eShop plugin for WordPress contains a cross-site scripting vulnerability that enables remote attackers to exploit the plugin by injecting arbitrary web scripts or HTML through the api_url parameter. This flaw affects version 3.7.0 and earlier, potentially compromising user data and site integrity.

References

http://codevigilant.com/disclosure/wp-plugin-swipe-hq-che...

x_refsource_MISC

Timeline

Vulnerability published
Jul 1, 2014
Vulnerability Reserved
Jun 23, 2014