Published on 02/07/14 - Updated on 11/07/14
Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 126.96.36.199 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.
CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
No exploits available for this CVE in our database.