2 matches found
CVE-2014-100007
Cross-site scripting XSS vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information...
CVE-2014-100007
CVE-2014-100007 concerns the WordPress plugin HK Exif Tags (pre-1.12). The vulnerability is an XSS flaw in the plugin’s handling of EXIF tags, exploitable by remote authenticated users. The affected component is the HK Exif Tags plugin for WordPress; the root cause is improper handling of EXIF da...