CVE-2014-7138

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.

sureswiftcapital/WP-Google-Calendar-Events
sureswiftcapital/WP-Google-Calendar-Events
Legacy version/fork of the Google Calendar Events 2.4 WordPress plugin. Intended for backwards compatibility only.
GitHubGitHub
29