Votecount for Balatarin <= 0.1.1 is vulnerable to XSS

N/A

Published
2014-06-22

Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.

CVE

https://www.cve.org/CVERecord?id=CVE-2014-4572

CVSS

Score:Unknown

Severity:Unknown

Version: 0.1.1

There is a patch available in v0.1.2 and we strongly recommend you update to this version as soon as possible.