Lucene search
Kacper SzurekPATCHSTACK:8A14FDB855258125F7C70BA1DB7508CDHistoryDec 07, 2014 - 12:00 a.m.
WordPress Shareaholic Plugin <= 7.6.0 - XSS
2014-12-0700:00:00
Kacper Szurek
patchstack.com
5
EPSS
0.001
Percentile
46.7%
This vulnerability is in admin.php. It allows authenticated users to inject arbitrary web script or HTML via the “location[id]” parameter that is in a shareaholic_add_location action to wp-admin/admin-ajax.php.
Solution
Update the plugin.
Related
cvelist
cvelist
CVE-2014-9311
2015-04-14 14:00:00
exploitdb
exploitdb
WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
2015-04-08 00:00:00
wpvulndb
wpvulndb
Shareaholic 7.6.0.3 - XSS
2014-11-10 00:00:00
prion
prion
Cross site scripting
2015-04-14 14:59:00
nvd
nvd
CVE-2014-9311
2015-04-14 14:59:02
cve
cve
CVE-2014-9311
2015-04-14 14:59:02
packetstorm
packetstorm
WordPress Shareaholic 7.6.0.3 Cross Site Scripting
2015-04-07 00:00:00
exploitpack
exploitpack
WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
2015-04-08 00:00:00
zdt
zdt
Shareaholic 7.6.0.3 Persistent XSS Vulnerability
2015-04-08 00:00:00