CVE-2014-4593

Name of the Vulnerable Software and Affected Versions WP Plugin Manager (wppm) plugin version 1.6.4.b and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the filter parameter in the wp-plugins-net/index.php file. This could potentially lead to unauthorized actions on the affected website.

Recommendations For WP Plugin Manager (wppm) plugin version 1.6.4.b and earlier, update to a version later than 1.6.4.b to resolve the issue. As a temporary workaround, consider restricting access to the wp-plugins-net/index.php file or disabling the filter parameter to minimize the risk of exploitation.