WordPress WP Construction Mode Plugin <= 1.91 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

CVE-2014-4854

The CVE-2014-4854 entry concerns the WP Construction Mode WordPress plugin version 1.8. Affected component: the under-construction feature using the wuc_logo parameter in a save action to wp-admin/admin.php. Root cause: reflected XSS vulnerability in the handling of wuc_logo, allowing remote atta...