2 matches found
CVE-2015-4140
Cross-site request forgery CSRF vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting XSS attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.ph...
CVE-2015-4140
CVE-2015-4140 : In the WP Smiley plugin for WordPress (version 1.4.1), a CSRF vulnerability allows remote attackers to hijack the authentication of editors and carry out cross-site scripting (XSS) via the s4w-more parameter to smilies4wp.php, targeting wp-admin/options-general.php. The issue stem...