CVE-2014-9394

🗓️ 31 Dec 2014 21:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 31 Views🌐 WEB

Multiple CSRF vulnerabilities in PWGRandom plugin for WordPres

Reporter	Title	Published	Views	Family All 7
CNVD	WordPress Plugin PWGRandom Has Multiple Cross-Site Request Forgery Vulnerabilities	8 Jan 201500:00	–	cnvd
Cvelist	CVE-2014-9394	31 Dec 201421:00	–	cvelist
EUVD	EUVD-2014-9215	7 Oct 202500:30	–	euvd
NVD	CVE-2014-9394	31 Dec 201421:59	–	nvd
Packet Storm	WordPress PWG Random 1.11 CSRF / XSS	18 Dec 201400:00	–	packetstorm
Patchstack	WordPress PWG Random Plugin <= 1.11 - Multiple CSRG and XSS	17 Dec 201400:00	–	patchstack
Prion	Cross site request forgery (csrf)	31 Dec 201421:59	–	prion

NVD

Node

pwgrandom_project pwgrandomRange≤1.11wordpress

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/129640/WordPress-PWG-Random-1.11-CSRF-XSS.html
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/99437

Parameter	Position	Path	Description	CWE
pwgrandom_title	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_category	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_path	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_url_path	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_size	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_nb_images	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_nb_images_row	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_nb_image_spacing	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
pwgrandom_submit_hidden	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352
Submit	request body	/wordpress/wp-admin/options-general.php?page=pwgrandom	CSRF enabled by the plugin allows an attacker to modify admin settings and trigger stored XSS via pwgrandom_title and pwgrandom_category parameters.	CWE-352

06 May 2026 22:30Current

6.8Medium risk

Vulners AI Score6.8

CVSS 26.8

EPSS0.01046

cve-2014-9394 cross-site request forgery csrf pwgrandom wordpress xss remote attack