This plugin contains cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities. Because of them, attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks via the “banner_effect_email” parameter in the BannerEffectOptions page to wp-admin/options-general.php.
Update the plugin.
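For plugin developers, the sketch below shows what a settings handler that resists both issues looks like. It is an added example, not the plugin's own code: the `beh_` function names, the nonce action and the use of `banner_effect_email` as the stored option name are assumptions, and only the parameter name and page slug come from the description above.

```php
<?php
// Added example, not the plugin's code. Names prefixed beh_/BEH_ are hypothetical.
const BEH_NONCE_ACTION = 'beh_save_options'; // hypothetical nonce action

add_action('admin_menu', function () {
    // Registers the page reachable at options-general.php?page=BannerEffectOptions
    add_options_page('Banner Effect', 'Banner Effect', 'manage_options',
        'BannerEffectOptions', 'beh_render_options_page');
});

function beh_render_options_page() {
    // Authorization: only users who may manage options can view or save.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.'));
    }

    if (isset($_POST['banner_effect_email'])) {
        // CSRF defence: aborts unless the request carries a valid nonce
        // issued to this user for this action.
        check_admin_referer(BEH_NONCE_ACTION);

        // Input validation: anything that is not a plausible e-mail address
        // is stripped before it reaches the database.
        $email = sanitize_email(wp_unslash($_POST['banner_effect_email']));
        update_option('banner_effect_email', $email); // option name is an assumption
    }

    $stored = get_option('banner_effect_email', '');
    ?>
    <div class="wrap">
      <form method="post" action="">
        <?php wp_nonce_field(BEH_NONCE_ACTION); // emits the hidden nonce field ?>
        <input type="email" name="banner_effect_email"
               value="<?php echo esc_attr($stored); // output escaping for the attribute context ?>">
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```

The nonce check stops forged cross-site requests, while `sanitize_email()` on input and `esc_attr()` on output each independently prevent a stored value from being rendered as markup.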
| CPE | Name | Operator | Version |
|---|---|---|---|
| | banner effect header | le | 1.2.6 |