WordPress Efence Plugin <= 1.3.2 - Multiple XSS

2014-06-2300:00:00

Prajal Kulkarni

patchstack.com

0.001 Low

EPSS

Percentile

49.8%

Because of these vulnerabilities in callback.php, the attackers can inject arbitrary web script or HTML.

Solution

           Update the plugin.

CPENameOperatorVersion
efencele1.3.2

CPE	Name	Operator	Version
	efence	le	1.3.2

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4526

0.001 Low

EPSS

Percentile

49.8%

Related for PATCHSTACK:09295B57B203A664B2D49182EE716E47