CVE-2013-3720 – Feedweb < 1.9 - Authenticated (Admin+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-3720

03 Apr 2013 — Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. Vulnerabilidad de ejecuciónd de secuencias de comandos en sitios cruzados (XSS) en widget_remove.php en el complemento Feedweb anterior a v1.9 para WordPress permite a administradores autenticados a inyectar secuencias de comandos Web o HTML a través del parámetro wp_post_id. The Feedweb pl... • http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb&old=689612&new_path=%2Ffeedweb&new=689612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •