Vulnerability Details CVE-2014-4525
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss
- http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog
- http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss
- http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog
Products affected by CVE-2014-4525
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:-
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.5
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.5.2
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.5.3
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.6
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.6.1
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.7
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.8
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.9
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.9.1
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.9.2
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:0.9.3
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:1.0
-
cpe:2.3:a:winwar:wp_ebay_product_feeds:1.1