Vulnerabilities

CVE-2015-1494

by Fred · 17/02/2015

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015.

Date published : 2015-02-17

http://www.securityfocus.com/bid/72506

https://plugins.trac.wordpress.org/changeset/1082625/

Similar

Tags: Cybersecurity Alert