Cross site scripting

Cross-site scripting XSS vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannereffectdivid parameter in the BannerEffectOptions page to wp-admin/options-general.php...

CVE-2015-0920

Cross-site request forgery CSRF vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the bannereffectemail parameter in the BannerEffectOptions pag...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the bannereffectemail parameter in the BannerEffectOptions pag...

CVE-2015-0920

Cross-site request forgery CSRF vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the bannereffectemail parameter in the BannerEffectOptions pag...

CVE-2015-0920

CVE-2015-0920 affects the Banner Effect Header WordPress plugin (version 1.2.6). A CSRF vulnerability allows remote attackers to hijack administrator authentication to trigger XSS via the banner_effect_email parameter on the BannerEffectOptions page (wp-admin/options-general.php). The issue is ex...