CVE-2014-3903
The CVE-2014-3903 issue affects the WordPress Cakifo theme (1.x) before 1.6.2. The vulnerability is a cross-site scripting (XSS) flaw that lets remote authenticated users inject arbitrary web script or HTML via crafted Exif data. The underlying risk comes from the theme’s handling of Exif metadat...