WordPress plugin CrossSlide jQuery cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . CrossSlide jQuery is one of the implementation of the slide show animation effect of the plugin . A cross-site...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the CrossSlide jQuery crossslide-jquery-plugin-for-wordpress plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings or conduct cross-site scripting XSS...

CVE-2015-2089

CVE-2015-2089 concerns the CrossSlide jQuery plugin for WordPress (version 2.0.5 and earlier). The vulnerability arises from CSRF flaws in the plugin’s admin flow: parameters such as csj_width, csj_height, csj_sleep, csj_fade, and upload_image pass through the thisismyurl_csj.php page to wp-admin...

WordPress CrossSlide jQuery Plugin <= 2.0.5 - Multiple CSRF

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that change plugin settings or conduct cross-site scripting XSS attacks via the several parameters "csjfade", "csjsleep", "csjwidth", "uploadimage", "csjheight" in in the thisismyurlcsj.ph...

CrossSlide jQuery Plugin <= 2.0.5 - Stored XSS & CSRF

The crossslide-jquery-plugin-for-wordpress WordPress plugin was affected by a Stored XSS & CSRF security vulnerability...