CVE-2014-9311

Name of the Vulnerable Software and Affected Versions Shareaholic plugin versions prior to 7.6.1.0 for WordPress

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic add location action to "wp-admin/admin-ajax.php".

Recommendations For Shareaholic plugin versions prior to 7.6.1.0, update to version 7.6.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php" endpoint for untrusted users until the update is applied. Avoid using the location[id] parameter in the shareaholic add location action until the issue is resolved.