Cross-Site Scripting Flaw in WhyDoWork AdSense Plugin for WordPress
CVE-2014-9100

Currently unrated

Key Information:

Vendor: Wordpress
Status: Whydowork Adsense
Vendor: CVE Published:; 26 November 2014

What is CVE-2014-9100?

A Cross-Site Scripting (XSS) vulnerability exists in the WhyDoWork AdSense plugin version 1.2 for WordPress. This issue allows remote attackers to inject arbitrary web scripts or HTML into the site via the 'idcode' parameter on the whydowork_adsense page, specifically affecting wp-admin/options-general.php. Exploitation of this vulnerability could lead to unauthorized actions on behalf of users or the exposure of sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/68954

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/127658/WordPress-Why...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 26, 2014

JSON

Wordpress

What is CVE-2014-9100?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.