WordPress SagePay Direct Payment Gateway Plugin <= 0.1.6.6 - Reflected XSS

This plugin is prone to a reflected cross site scripting vulnerability in pages/3DRedirect.php, pages/3DCallBack.php and pages/3DComplete.php multiple parameter. Solution Update the plugin...

WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DComplete.php Multiple Parameter Reflected XSS

The sagepay-direct-for-woocommerce-payment-gateway WordPress plugin was affected by a pages/3DComplete.php Multiple Parameter Reflected XSS security vulnerability...

CVE-2014-4549

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

CVE-2014-4549

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

CVE-2014-4549

CVE-2014-4549 affects the WordPress plugin WooCommerce SagePay Direct Payment Gateway (pages/3DComplete.php) with XSS via the (1) MD and (2) PARes parameters. Root cause is reflected HTML/script injection in that PHP page, leading to arbitrary script execution if exploited. Public sources indicat...