Vulnerability Details : CVE-2014-6315
Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2014-6315
- cpe:2.3:a:photo_gallery_plugin_project:photo_gallery_plugin:1.1.30:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6315
3.20% (probability of exploitation activity in the next 30 days)
EPSS Score History
~91% (percentile: the proportion of vulnerabilities that are scored at or below this)
CVSS scores for CVE-2014-6315
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2014-6315
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6315
- https://plugins.trac.wordpress.org/changeset?new=986500 : Changeset 986500 – WordPress Plugin Repository [Exploit]
- http://www.securityfocus.com/bid/70204 : WordPress Photo Gallery Plugin 'admin-ajax.php' Multiple Cross Site Scripting Vulnerabilities
- http://www.securityfocus.com/archive/1/533595/100/0/threaded : SecurityFocus
- https://www.htbridge.com/advisory/HTB23232 : Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin - HTB23232 Security Advisory | ImmuniWeb [Exploit]
- http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html : WordPress Photo Gallery 1.1.30 Cross Site Scripting ≈ Packet Storm [Exploit]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96799 : Photo Gallery plugin for WordPress wp-admin/admin-ajax.php cross-site scripting CVE-2014-6315 Vulnerability Report