CVE-2014-5196

Improved User Search IN Backend < 1.2.4 - XSS

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that insert XSS sequences via the iusib_meta_fields parameter.

References (3)

[Patch, Vendor Advisory] http://wordpress.org/plugins/improved-user-search-in-backend/changelog

[Exploit] https://security.dxw.com/advisories/csrf-and-xss-in-improved-user-search-allow-execution-of-arbitrary-javascript-in-wordpress-admin-area/

[Third Party Advisory] http://secunia.com/advisories/60590

Scores

EPSS 0.0045

EPSS Percentile 63.3%

Details

CWE

CWE-79

Status published

Products (2)

improved_user_search_in_backend_project/improved_user_search_in_backend < 1.2.4

n/a/n/a

Published Aug 12, 2014

Tracked Since Feb 18, 2026