CVE-2014-4543

Pay Per Media Player <1.24 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter.

References (2)

Scores

EPSS 0.0017
EPSS Percentile 38.7%

Details

CWE
CWE-79
Status published
Products (2)
pay_per_media_player_project/pay_per_media_player < 1.24
n/a/n/a
Published Jul 02, 2014
Tracked Since Feb 18, 2026