CVE-2014-4664

Currently unrated

Key Information:

Vendor: Wordpress
Status: Wordfence Security
Vendor: CVE Published:; 6 November 2014

Summary

Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php.

References

http://www.securityfocus.com/bid/70911

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/533907/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.wordfence.com/blog/2014/06/security-fix-wordfe...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 6, 2014
Vulnerability Reserved
Jun 26, 2014