WordPress Web-Dorado Photo Gallery Plugin <= 1.1.30 - Multiple XSS

2014-09-1100:00:00

High-Tech Bridge SA

patchstack.com

EPSS

0.008

Percentile

82.2%

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the “callback”, “dir”, or “extensions” parameters.

Solution

           Update the plugin.

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6315

EPSS

0.008

Percentile

82.2%

Related for PATCHSTACK:4943C5B29626925DFE7EDD92FD51BCDE