CVE-2014-4572

Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
votecount_for_balatarin_projectvotecount_for_balatarin
𝑥
≤ 0.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss
http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss