Description

Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2014-9032

Related Vulnerabilities

WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.9.4)

WordPress Plugin WP Travel-Best Travel Booking, Tour Management Engine Cross-Site Request Forgery (4.4.6)

MySQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0709)

WordPress Other Vulnerability (CVE-2006-2667)

WordPress Plugin WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking Multiple Vulnerabilities (1.8)

Severity

Medium

Classification

CVE-2014-9032 CWE-707

Tags

Missing Update Known Vulnerabilities