CVE-2014-4600: XSS
First published: Wed Jul 02 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wp Ultimate Email Marketer Plugin | <=1.1.0 | |
| WordPress |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-4600?
CVE-2014-4600 is considered a medium severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2014-4600?
To fix CVE-2014-4600, update the WP Ultimate Email Marketer plugin to version 1.1.1 or later.
What are the affected versions of the WP Ultimate Email Marketer plugin for CVE-2014-4600?
CVE-2014-4600 affects WP Ultimate Email Marketer plugin version 1.1.0 and earlier.
What type of vulnerability is CVE-2014-4600?
CVE-2014-4600 is classified as a cross-site scripting (XSS) vulnerability.
Does CVE-2014-4600 affect WordPress installations?
CVE-2014-4600 specifically affects the WP Ultimate Email Marketer plugin used within WordPress.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wp ultimate email marketer project
- canonical/wp ultimate email marketer plugin
- version/wp ultimate email marketer plugin/1.1.0
- vendor/wordpress
- canonical/wordpress