ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Google Document Embedder Plugin <= 2.5.18 - XSS

Product
Google Document Embedder
Description
This vulnerability allows an attacker to inject arbitrary web script or HTML via the "profile" parameter in the gde-settings page to wp-admin/options-general.php.
Solution
Upgrade the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2015-1879
Versions
Affected In <= 2.5.18
Fixed In 2.5.19
Disclosure date
2015-02-19
Credits
Morten Nørtoft