WordPress Class Reference Plugin <= 2.4.8

Back

WordPress Class Reference Plugin <= 2.4.8 - XSS

Product: Class Reference
Description: Because of this vulnerability in facture.php, the attackers can inject arbitrary web script or HTML.
Solution: Update the plugin.
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References: CVE Mitre
CVE: Name CVE-2014-4581
Versions: Affected In <= 2.4.8
Fixed In 2.4.9
Disclosure date: 2014-06-23
Credits: Anant Shrivastava