Lucene search
Manideep KPATCHSTACK:A9E2F973A929E00BB98F765A3F7035EAHistoryDec 07, 2014 - 12:00 a.m.
WordPress DandyID Services Plugin <= 1.5.9 - Multiple CSRF and XSS
2014-12-0700:00:00
Manideep K
patchstack.com
6
0.002 Low
EPSS
Percentile
52.4%
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dandyid services | le | 1.5.9 |
Related
nvd
nvd
CVE-2014-9335
2014-12-19 15:59:19
packetstorm
packetstorm
WordPress DandyID Services ID 1.5.9 CSRF / XSS
2014-12-14 00:00:00
wpvulndb
wpvulndb
DandyID Services <= 1.5.9 - Multiple CSRF
2014-12-14 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-12-19 15:59:00
cve
cve
CVE-2014-9335
2014-12-19 15:59:19
cvelist
cvelist
CVE-2014-9335
2014-12-19 15:00:00