Cross-Site Scripting Vulnerability in Shareaholic Plugin for WordPress
CVE-2014-9311
Currently unrated
What is CVE-2014-9311?
The Shareaholic plugin for WordPress contains a cross-site scripting vulnerability in its admin.php file that can be exploited by remote authenticated users. Specifically, the vulnerability lies in the handling of the location[id] parameter in the shareaholic_add_location action, which is reached through wp-admin/admin-ajax.php and allows attackers to inject arbitrary web scripts or HTML content. Successful exploitation can lead to various security issues, including session hijacking and unauthorized actions on behalf of the users.
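A defensive check for the request shape described above, as an added example that is not part of the original entry or the plugin's code: it parses requests to admin-ajax.php and flags shareaholic_add_location calls whose location[id] value contains HTML metacharacters. The function name, the metacharacter set and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate location id never needs these characters, which
# let a value break out of HTML text or attribute context when echoed back.
HTML_META = set("<>\"'")

def flag_request(method, url, body=""):
    """Return the suspicious location[id] value, or None if the request is clean."""
    parts = urlsplit(url)
    # endswith() also covers WordPress installed in a subdirectory.
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qs percent-decodes keys and values, so location%5Bid%5D
    # is seen as location[id].
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    if "shareaholic_add_location" not in params.get("action", []):
        return None
    for value in params.get("location[id]", []):
        if HTML_META & set(value):
            return value
    return None

# Constructed sample requests (method, URL, form-encoded body).
SAMPLES = [
    ("POST", "/wp-admin/admin-ajax.php",
     "action=shareaholic_add_location&location%5Bid%5D=sample_location_1"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=shareaholic_add_location&location%5Bid%5D=%22%3E%3Cb%3Emarker%3C%2Fb%3E"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=heartbeat&location%5Bid%5D=%3Cb%3E"),
    ("GET", "/blog/wp-admin/admin-ajax.php"
            "?action=shareaholic_add_location&location%5Bid%5D=%3Ci%3E", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        hit = flag_request(method, url, body)
        print(method, url.split("?")[0], "->", "FLAG " + repr(hit) if hit else "ok")
```

Because the action requires an authenticated user, a flagged request is also a pointer to the account whose session sent it.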