CVE-2014-6315 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback (2) dir or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.

Reference

http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html http://secunia.com/advisories/61649 http://www.securityfocus.com/archive/1/533595/100/0/threaded http://www.securityfocus.com/bid/70204 https://exchange.xforce.ibmcloud.com/vulnerabilities/96799 https://plugins.trac.wordpress.org/changeset?new=986500 https://www.htbridge.com/advisory/HTB23232