47 matches found
WordPress plugin Yet Another Related Posts '/wp-admin/options-general.php' cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.Yet Another Related Posts Plugin for WordPress is a wordpress plugin. The WordPress plugin Yet Another Related Posts...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the bannereffectemail parameter in the BannerEffectOptions pag...
WordPress plugin Banner Effect Header 'options-general.php' cross-site scripting vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Banner Effect Header 'options-general.php' as it fails to...
CVE-2014-9335
Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...
CVE-2014-9335
Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...
CVE-2014-9338
CVE-2014-9338 concerns the WordPress plugin O2Tweet (versions 0.0.4 and earlier). The connected documents describe multiple CSRF vulnerabilities that allow remote attackers to hijack an administrator’s authentication for requests that trigger cross-site scripting (XSS) via the parameters o2t_user...
CVE-2014-9100
Cross-site scripting XSS vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydoworkadsense page to wp-admin/options-general.php...