WordPress WP TMKM Amazon Plugin <= 1.5b - XSS

2014-06-2300:00:00

Anant Shrivastava

patchstack.com

0.002 Low

EPSS

Percentile

57.1%

Because of this vulnerability in wp-tmkm-amazon-search.php, the attackers can inject arbitrary web script or HTML via the “AID” parameter.

Solution

           Update the plugin.

CPENameOperatorVersion
wp tmkm amazonle1.5b

CPE	Name	Operator	Version
	wp tmkm amazon	le	1.5b

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4598

0.002 Low

EPSS

Percentile

57.1%

Related for PATCHSTACK:560D3D7FE41D96003CB37B84519F616E