Cross-Site Scripting Vulnerability in Video Posts Webcam Recorder Plugin for WordPress
CVE-2014-4568

Currently unrated

Key Information:

Vendor: Wordpress
Status: Video Posts Webcam Recorder
Vendor: CVE Published:; 2 July 2014

What is CVE-2014-4568?

A cross-site scripting (XSS) vulnerability exists in the Video Posts Webcam Recorder plugin for WordPress, specifically in the r_logout.php script. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'message' parameter. Successful exploitation can lead to various malicious activities, such as session hijacking or redirection to malicious sites, posing a significant threat to user data and application security.

References

http://codevigilant.com/disclosure/wp-plugin-video-posts-...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014

Wordpress

What is CVE-2014-4568?

References

Timeline