wp-plugin : ebay-feeds-for-wordpress – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : ebay-feeds-for-wordpress


Affected Version : 1.1 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Prajal Kulkarni



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :




Disclosure Timeline


Vendor Contacted : 2013-12-16

Plugin Status : Updated on 2014-01-11
Public Disclosure : April 25, 2014
CVE Number : CVE-2014-4525

Plugin Description :
eBay Feeds For WordPress allows you to quickly and easily place feeds from the eBay Partner Network into your WordPress blog. These can easily be embedded into posts, placed as widgets or inserted into the themes - flexibility is huge. This plugin is ideal for bloggers who wish to make more money through their blogs by promoting eBay's affiliate programme, as well as users who sell their own items on eBay.

*Having Problems?* Please use the support forums and I'll attempt to get back to you quickly. In a rush? Use our [Plugin Installation & Customisation Service](winwar.co.uk/plugins/ebay-feeds-wordpress/#css)

= About Winwar Media =
This plugin is made by [**Winwar Media**](http://winwar.co.uk/), a WordPress Development and Training Agency in Manchester, UK.

Why don't you?

* [eBay Feeds For Wordpress](http://winwar.co.uk/plugins/ebay-feeds-wordpress/) WordPress Plugin homepage with further instructions.
* Check out more of our [WordPress Plugins](http://winwar.co.uk/plugins/)
* Follow us on Social Media, such as [Facebook](https://www.facebook.com/winwaruk), [Twitter](https://twitter.com/winwaruk) or [Google+](https://plus.google.com/+WinwarCoUk)
* [Send us an email](http://winwar.co.uk/contact-us/)! We like hearing from plugin users.
* Check out our book, [bbPress Complete](http://winwar.co.uk/books/bbpress-complete/)

= For Support =
We offer support in two places:-

* Support on the [WordPress.org Support Board](http://wordpress.org/support/plugin/inline-tweet-sharer)
* A [priority support forum](http://winwar.co.uk/priority-support/), which offers same-day responses.
