wp-plugin : xen-carousel – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : xen-carousel


Affected Version : 0.12.2 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :




Vulnerable Parameter : path, ajaxpath


Disclosure Timeline


Vendor Contacted : 2014-01-17

Plugin Status : Closed
Public Disclosure : May 28, 2014
CVE Number : CVE-2014-4602

Plugin Description :
**The balance of form and function.**

Call out sections of your site by easily creating a carousel of images, associated to posts or pages, for display on your home page or anywhere on your site. The carousel purposely does not come styled, but is instead semantically marked up with #IDs and .classes to make it easy for you to integrate it into your theme without much effort.
