2 matches found
CVE-2015-0920
Cross-site request forgery CSRF vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the bannereffectemail parameter in the BannerEffectOptions pag...
CVE-2015-0920
CVE-2015-0920 affects the Banner Effect Header WordPress plugin (version 1.2.6). A CSRF vulnerability allows remote attackers to hijack administrator authentication to trigger XSS via the banner_effect_email parameter on the BannerEffectOptions page (wp-admin/options-general.php). The issue is ex...