ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Nextend Facebook Connect Plugin 1.4.59 - XSS

Product
Nextend Facebook Connect
Description
Because of a cross-site scripting vulnerability in Nextend Facebook Connect plugin, anyone can change plugin settings.
Solution
Update the plugin to version 1.5.1.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-2014-8800
Versions
Affected In <= 1.4.59
Fixed In 1.4.60
Disclosure date
2014-12-02
Credits
Kacper Szurek