Wordfence Security – Firewall, Malware Scan, and Login Security, CVE-2014-4664

CVE, Research URL: CVE-2014-4664
Home page URL: Security reports for Wordfence Security – Firewall, Malware Scan, and Login Security
Application: Wordfence Security – Firewall, Malware Scan, and Login Security
Published on: Nov 06, 2014
Research Description: Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php.
Affected versions: max 5.2.5.
Status: vulnerable