2 matches found
CVE-2013-3720
Cross-site scripting XSS vulnerability in widgetremove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wppostid parameter...
CVE-2013-3720
The CVE-2013-3720 entry describes an XSS vulnerability in the WordPress Feedweb plugin prior to version 1.9, specifically in widget_remove.php. The flaw allows an authenticated WordPress administrator to inject arbitrary script/HTML via the wp_post_id parameter, enabling browser-side script execu...