Back
WordPress SagePay Direct Payment Gateway Plugin <= 0.1.6.7 - Multiple XSS
- Product
- SagePay Direct Payment Gateway
- Description
- Because of these vulnerabilities in pages/3DComplete.php, the attackers to inject arbitrary web script or HTML.
- Solution
- Update the plugin.
- Classification
-
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- References
-
CVE Mitre
- CVE
- Name CVE-2014-4549
- Versions
-
Affected In
<= 0.1.6.7
Fixed In 0.1.6.8
- Disclosure date
- 2014-06-23
- Credits
- Prajal Kulkarni