2 matches found
CVE-2013-4944
Cross-site scripting XSS vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendshiprequestmessage parameter to...
CVE-2013-4944
The CVE-2013-4944 issue affects the WordPress plugin BuddyPress Extended Friendship Request (versions before 1.0.2). When the Friend Connections component is enabled, an XSS flaw exists in the friendship_request_message parameter passed to wp-admin/admin-ajax.php, enabling remote script/HTML inje...