CVE-2014-100007 Information

Description

Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.

Reference

http://secunia.com/advisories/57753 https://exchange.xforce.ibmcloud.com/vulnerabilities/92555 https://wordpress.org/plugins/hk-exif-tags/changelog/