3 matches found
CVE-2014-100018
Cross-site scripting XSS vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php...
CVE-2014-100018
CVE-2014-100018 concerns the WordPress Unconfirmed plugin prior to 1.2.5. The vulnerability is a reflected XSS in the unconfirmed.php page where an attacker can inject arbitrary script via the s parameter sent to wp-admin/network/users.php. This is a remote, network‑accessible issue and is exploi...
CVE-2014-100018
Cross-site scripting XSS vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php...