CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-9100

Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html
http://www.securityfocus.com/bid/68954
http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html
http://www.securityfocus.com/bid/68954

Products affected by CVE-2014-9100

Whydowork Adsense Project » Whydowork Adsense » Version: 1.2

cpe:2.3:a:whydowork_adsense_project:whydowork_adsense:1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9100

Products

Pricing

Contact Us