CVE-2014-7956

Currently unrated

Key Information:

Vendor
Wordpress
Status
Pods
Vendor
CVE Published:
15 January 2015

Summary

Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.

References

http://seclists.org/fulldisclosure/2015/Jan/26
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/71995
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/129890/WordPress-Pod...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.