CVE-2015-9426
The CVE affects the WordPress plugin Manual Image Crop (pre-1.11). It describes a CSRF vulnerability that can lead to an XSS condition via wp-admin/admin-ajax.php?action=mic_editor_window with the postId parameter. Affected component: manual-image-crop plugin for WordPress; root cause: CSRF enabl...