2 matches found
CVE-2015-0895
Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...
CVE-2015-0895
All In One WP Security & Firewall for WordPress (versions before 3.9.0) is affected by a CSRF vulnerability that can allow an attacker, while a logged-in admin exists, to hijack the administrator’s authentication to delete 404 logs via forged requests. Root cause is CSRF in the plugin; impact inc...