CVE-2014-7151

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Nex-forms Lite
Vendor: CVE Published:; 8 January 2016

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.

References

https://research.g0blin.co.uk/cve-2014-7151/

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/8237

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 8, 2016
Vulnerability Reserved
Sep 22, 2014