CVE-2014-7138
CVE-2014-7138 affects the Google Calendar Events WordPress plugin. The vulnerability, due to improper sanitization of the gce_feed_ids parameter in the gce_ajax action to wp-admin/admin-ajax.php, enables reflected XSS. An attacker could lure a logged-in administrator to a crafted link and cause a...