Lucene search
MitreCVELIST:CVE-2014-6312HistoryOct 15, 2014 - 2:00 p.m.
CVE-2014-6312
2014-10-1514:00:00
mitre
www.cve.org
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.
References
osvdb.org/show/osvdb/111700
osvdb.org/show/osvdb/111757
seclists.org/fulldisclosure/2014/Sep/58
www.exploit-db.com/exploits/34762
security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do
wordpress.org/plugins/login-sidebar-widget/changelog
Related
prion
prion
Cross site request forgery (csrf)
2014-10-15 14:55:00
wpvulndb
wpvulndb
Login Widget With Shortcode 3.1.1 - CSRF/XSS
2014-09-21 12:33:54
cve
cve
CVE-2014-6312
2014-10-15 14:55:08
nvd
nvd
CVE-2014-6312
2014-10-15 14:55:08