MidnightBSD

Advisories for yahoo!_updates_for_wordpress_plugin_project

CVE-2014-4603 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
yahoo!_updates_for_wordpress_plugin_project yahoo!_updates_for_wordpress_plugin *