Cross-Site Scripting Vulnerability in Random Banner Plugin for WordPress
CVE-2014-4847

Currently unrated

Key Information:

Vendor: Wordpress
Status: Random Banner
Vendor: CVE Published:; 10 July 2014

Summary

A vulnerability exists in the Random Banner plugin version 1.1.2.1 for WordPress that permits remote attackers to execute arbitrary web scripts or HTML. This security flaw can be exploited via the 'buffercode_RBanner_url_banner1' parameter during an update action in the WordPress admin dashboard, specifically in options.php. Successful exploitation can lead to unauthorized actions on behalf of users, data theft, or site manipulation.

References

http://packetstormsecurity.com/files/127292/WordPress-Ran...

x_refsource_MISC

http://www.securityfocus.com/bid/68280

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 10, 2014
Vulnerability Reserved
Jul 10, 2014