Cross-Site Scripting Vulnerability in Custom Banners for WordPress
CVE-2014-4724

Currently unrated

Key Information:

Vendor: Wordpress
Status: Custom Banners
Vendor: CVE Published:; 7 July 2014

Summary

The Custom Banners plugin for WordPress, specifically version 1.2.2.2, is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML code through the 'custom_banners_registered_name' parameter when accessing the wp-admin/options.php page. As a result, this vulnerability could be exploited to execute malicious scripts in the context of an affected user's session.

References

http://www.securityfocus.com/bid/68279

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/127291/WordPress-Cus...

x_refsource_MISC

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jul 7, 2014