Cross-site Scripting Vulnerability in WP Smiley Plugin for WordPress
CVE-2015-4139

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Smiley
Vendor: CVE Published:; 18 June 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the WP Smiley plugin version 1.4.1 for WordPress. This issue allows remote authenticated users to inject malicious web scripts or HTML code through the 's4w-more' parameter when accessing the options in the WordPress admin panel. By exploiting this vulnerability, attackers could potentially manipulate content or execute harmful scripts within the context of the user's session.

References

http://www.openwall.com/lists/oss-security/2015/05/31/2

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/74914

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2015/05/29/1

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jun 18, 2015
Vulnerability Reserved
May 31, 2015