CVE-2014-8492

Name of the Vulnerable Software and Affected Versions Profile Builder plugin versions prior to 2.0.3

Description The issue allows remote attackers to inject arbitrary web script or HTML via the site name, message, or site url parameters in the assets/misc/fallback-page.php file.

Recommendations For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue.