Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin.
Allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php.
CVSS Scores & Vulnerability Types
CVSS Score 4.3
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID 79
Reference: http://www.cvedetails.com/cve/CVE-2014-4664/
- This topic was modified 6 hours, 51 minutes ago by AITpro Admin.