MidnightBSD

Advisories for efence_project

CVE-2014-4526 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
efence_project efence *