2 matches found
CVE-2014-9335
Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...
CVE-2014-9335
CVE-2014-9335 affects the WordPress plugin DandyID Services (versions 1.5.9 and earlier). The vulnerability is a CSRF flaw that allows an attacker to hijack an administrator’s authentication to perform actions that can lead to XSS, via the email_address and sidebarTitle parameters in dandyid-serv...