CVE-2015-3647

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-photo-album-plus
Vendor: CVE Published:; 21 May 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.

References

http://www.securityfocus.com/bid/74741

vdb-entryx_refsource_BID

https://www.htbridge.com/advisory/HTB23257

x_refsource_MISC

http://www.securityfocus.com/archive/1/535575/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 21, 2015
Vulnerability Reserved
May 6, 2015