CVE-2013-2287

Name of the Vulnerable Software and Affected Versions Uploader plugin version 1.0.4 for WordPress

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the notify or blog parameters in the views/notify.php file.

Recommendations For Uploader plugin version 1.0.4, consider disabling the views/notify.php file or restricting access to it until a patch is available. Avoid using the notify and blog parameters in the affected API endpoint until the issue is resolved.