Cross-Site Scripting Vulnerability in Post Highlights Plugin for WordPress
CVE-2014-8087

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Post Highlights
Vendor
CVE Published:
16 October 2017

Summary

The Post Highlights plugin for WordPress is susceptible to a cross-site scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'txt' parameter in the headline action to ajax/ph_save.php. When exploited, this can lead to unauthorized actions on behalf of users and compromise site integrity. Site administrators are urged to update their plugin to version 2.6.1 or later to mitigate this risk.

References

https://wordpress.org/plugins/post-highlights/#developers
x_refsource_CONFIRM
https://g0blin.co.uk/cve-2014-8087/
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/8240
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.