CVE-2015-1385

Currently unrated

Key Information:

Vendor: Wordpress
Status: Powerpress
Vendor: CVE Published:; 2 February 2015

Summary

Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.

References

http://packetstormsecurity.com/files/130155/Blubrry-Power...

x_refsource_MISC

http://www.securityfocus.com/bid/72362

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/534577/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 2, 2015
Vulnerability Reserved
Jan 27, 2015