CVE-2014-4576

Name of the Vulnerable Software and Affected Versions WordPress Social Login plugin versions 2.0.3 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the xhrurl parameter in the services/diagnostics.php file.

Recommendations For WordPress Social Login plugin versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue.