QwikSec

Security Database

CVE

CWE

Training

CVE-2014-6315

Published: Oct 10, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin

mailing-list

x_refsource_BUGTRAQ

wp-photogallery-cve20146315-xss(96799)

vdb-entry

x_refsource_XF

https://www.htbridge.com/advisory/HTB23232

x_refsource_MISC

http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset?new=986500

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.