BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS

The BuddyPress Extended Friendship Request WordPress plugin was affected by a wp-admin/admin-ajax.php friendshiprequestmessage Parameter XSS security vulnerability...

Cross site scripting

Cross-site scripting XSS vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendshiprequestmessage parameter to...

CVE-2013-4944

The CVE-2013-4944 issue affects the WordPress plugin BuddyPress Extended Friendship Request (versions before 1.0.2). When the Friend Connections component is enabled, an XSS flaw exists in the friendship_request_message parameter passed to wp-admin/admin-ajax.php, enabling remote script/HTML inje...