mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-12 05:11:38 +02:00
0xMarcio
733 B
733 B
CVE-2014-5240
Description
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
POC
Reference
No PoCs from references.