2 matches found
Code injection
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via addqueryarg and removequeryarg, a different issue than CVE-2014-9460...
CVE-2014-9460
CVE-2014-9460 affects the WordPress WP-ViperGB plugin prior to 1.3.11. Multiple CSRF flaws allow remote attackers to hijack administrator authentication by submitting requests that (1) change plugin settings via unspecified vectors or (2)-(3) trigger XSS via vgb_page or vgb_items_per_pg on wp-adm...