2 matches found
CVE-2014-9525
Multiple cross-site request forgery CSRF vulnerabilities in the Timed Popup wp-timed-popup plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attack...
CVE-2014-9525
CVE-2014-9525 affects the WordPress Timed Popup (wp-timed-popup) plugin v1.3. It contains CSRF vulnerabilities that allow remote attackers to hijack administrator authentication to change plugin settings via unspecified vectors, and also to perform XSS through the sc_popup_subtitle parameter on w...