ThreatPress

WordPress Vulnerabilities Database

WordPress DZS Video Gallery Plugin - Cross Site Scripting and Command Injection Vulnerabilities

Product
DZS Video Gallery
Description
These vulnerabilities in the DZS Video Gallery plugin allow an attacker to execute arbitrary script code in the browser and to execute arbitrary OS commands. In this way, an attacker can steal cookie-based authentication credentials and launch other attacks.
Solution
Upgrade the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-2014-9094
Versions
Affected In <= 7.85
Fixed In 7.86
Disclosure date
2014-07-13
Credits
MustLive