CVE-2014-3903
Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0018 (0.2%)
Percentil: 39.2%
EPSS: 2026-05-06
Afecta
jayj:cakifoDescripción técnica
Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
Publicada: 19/8/2014, 11:16:59
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://jayj.dk/security/JVN27531188.html
- http://jvn.jp/en/jp/JVN27531188/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000100
- https://wpvulndb.com/vulnerabilities/7534
- http://jayj.dk/security/JVN27531188.html
- http://jvn.jp/en/jp/JVN27531188/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000100
- https://wpvulndb.com/vulnerabilities/7534