CVE-2014-4596 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.

Reference

http://codevigilant.com/disclosure/wp-plugin-wpsnapapp-a3-cross-site-scripting-xss http://www.securityfocus.com/bid/68433