Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mnt-tech | wp-facethumb | 0.1 |
| mnt-tech | wp-facethumb | 0.2 |
| mnt-tech | wp-facethumb | 0.3 |
| mnt-tech | wp-facethumb | * |