CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-4855

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.4%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/59357
http://wordpress.org/plugins/polylang/changelog
http://secunia.com/advisories/59357
http://wordpress.org/plugins/polylang/changelog

Products affected by CVE-2014-4855

Polylang Plugin Project » Polylang » Version: 1.5

cpe:2.3:a:polylang_plugin_project:polylang:1.5
Polylang Plugin Project » Polylang » Version: 1.5.1

cpe:2.3:a:polylang_plugin_project:polylang:1.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4855

Products

Pricing

Contact Us