Lucene search
High-Tech BridgePATCHSTACK:D50E19BFB95A76A6DFABEA1CD209D2D4HistorySep 22, 2014 - 12:00 a.m.
WordPress Google Calendar Events Plugin <= 2.0.3 - XSS
2014-09-2200:00:00
High-Tech Bridge
patchstack.com
9
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the “gce_feed_ids” parameter in a gce_ajax action to wp-admin/admin-ajax.php.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| google calendar events | le | 2.0.3 |
Related
packetstorm
packetstorm
WordPress Google Calendar Events 2.0.1 Cross Site Scripting
2014-10-10 00:00:00
wpvulndb
wpvulndb
Google Calendar Events < 2.0.4 - XSS
2014-10-08 00:00:00
zdt
zdt
WordPress Google Calendar Events 2.0.1 Cross Site Scripting Vulnerability
2014-10-10 00:00:00
prion
prion
Cross site scripting
2014-10-16 19:55:00
htbridge
htbridge
nessus
nessus
Google Calendar Events Plugin for WordPress 'admin-ajax.php' XSS
2014-11-21 00:00:00
securityvulns
securityvulns
cve
cve
CVE-2014-7138
2014-10-16 19:55:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related for PATCHSTACK:D50E19BFB95A76A6DFABEA1CD209D2D4