CVE-2014-4533

Name of the Vulnerable Software and Affected Versions GEO Redirector plugin versions 1.0.1 and earlier

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the hid id parameter in the ajax functions.php file.

Recommendations For versions 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the hid id parameter in the affected AJAX endpoint until a patch is available.