CVE-2014-8087

Published: 2017-10-16T15:29Z

Last Modified: 2024-11-21T02:18Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt