CVE-2014-4559

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Swipehq-payment-gateway-WP-e-commerce
Vendor: CVE Published:; 27 December 2019

Summary

Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.

References

http://codevigilant.com/disclosure/wp-plugin-swipehq-paym...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 27, 2019
Vulnerability Reserved
Jun 23, 2014