{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-07-02T17:57:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://codevigilant.com/disclosure/wp-plugin-efence-a3-cross-site-scripting-xss"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4526", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://codevigilant.com/disclosure/wp-plugin-efence-a3-cross-site-scripting-xss", "refsource": "MISC", "url": "http://codevigilant.com/disclosure/wp-plugin-efence-a3-cross-site-scripting-xss"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:20:25.974Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://codevigilant.com/disclosure/wp-plugin-efence-a3-cross-site-scripting-xss"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4526", "datePublished": "2014-07-02T18:00:00.000Z", "dateReserved": "2014-06-23T00:00:00.000Z", "dateUpdated": "2024-08-06T11:20:25.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:efence_project:efence:*:-:-:*:-:wordpress:*:*", "matchCriteriaId": "7F6F645A-DAFA-4731-817E-DA5095360C7C", "versionEndIncluding": "1.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en callback.php en el plugin efence 1.3.2 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) message, (2) zoneid, (3) pubKey, o (4) privKey."}], "id": "CVE-2014-4526", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-07-02T18:55:08.550", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://codevigilant.com/disclosure/wp-plugin-efence-a3-cross-site-scripting-xss"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://codevigilant.com/disclosure/wp-plugin-efence-a3-cross-site-scripting-xss"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}