Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the ajax_url parameter to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mnt-tech wp-facethumb |
||
mnt-tech wp-facethumb 0.1 |
||
mnt-tech wp-facethumb 0.3 |
||
mnt-tech wp-facethumb 0.2 |