Cross-Site Scripting Vulnerability in Google Doc Embedder for WordPress
CVE-2015-1879

Currently unrated

Key Information:

Vendor: Wordpress
Status: Google Doc Embedder
Vendor: CVE Published:; 19 February 2015

Summary

A vulnerability exists in the Google Doc Embedder plugin for WordPress, allowing remote attackers to inject arbitrary web scripts or HTML. This occurs via the profile parameter during an edit action on the gde-settings page accessible through wp-admin/options-general.php. Users are advised to update to version 2.5.19 or later to mitigate this risk.

References

http://www.securityfocus.com/bid/72547

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/130309/WordPress-Goo...

x_refsource_MISC

https://wordpress.org/plugins/google-document-embedder/ch...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 19, 2015