CVE-2014-4516 Information

Description

Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.

Reference

http://codevigilant.com/disclosure/wp-plugin-bic-media-a3-cross-site-scripting-xss