5 matches found
CVE-2015-5483
Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...
CVE-2015-5483
Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...
CVE-2015-5483
The Private Only WordPress plugin (version 3.5.1) contains CSRF and XSS vulnerabilities that can let an attacker cause an admin to execute actions such as adding users, deleting posts, or modifying PHP files, due to missing CSRF protections and insufficient escaping (esc_attr()). Impact includes ...
WordPress Private Only 3.5.1 CSRF / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Details ================ Software: Private Only Version: 3.5.1 Homepage: http://wordpress.org/plugins/private-only/ Advisory report:...
WordPress Private Only 3.5.1 CSRF / Cross Site Scripting
Details ================ Software: Private Only Version: 3.5.1 Homepage: http://wordpress.org/plugins/private-only/ Advisory report: https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/ CVE: CVE-2015-5483 CVSS:...