CVE-2014-4586

Name of the Vulnerable Software and Affected Versions wp-football plugin version 1.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters and files, including the league parameter to files such as "football classification.php", "football criteria.php", "templates/template default preview.php", or "templates/template worldCup preview.php"; the f parameter to "football-functions.php"; the id parameter in an "action" action to files like "football groups list.php", "football matches list.php", "football matches phase.php", or "football phases list.php"; or the id league parameter in a delete action to "football matches load.php".

Recommendations For wp-football plugin version 1.1 and earlier, update to a version later than 1.1 to resolve the issue.