9 matches found
EUVD-2014-9160
Malware in sbrugna...
WordPress Plugin DandyID Services Has Multiple Cross-Site Request Forgery Vulnerabilities
WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. Multiple cross-site request forgery vulnerabilities in WordPress plugin DandyID Services 1.5.9 and earlier versions allow remote attackers t...
CVE-2014-9335
Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...
CVE-2014-9335
CVE-2014-9335 affects the WordPress plugin DandyID Services (versions 1.5.9 and earlier). The vulnerability is a CSRF flaw that allows an attacker to hijack an administrator’s authentication to perform actions that can lead to XSS, via the email_address and sidebarTitle parameters in dandyid-serv...
CVE-2014-9335
Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...
WordPress DandyID Services ID 1.5.9 CSRF / XSS
Title: CSRF/XSS Vulnerability in DandyID Services WP Plugin Author: Manideep K CVE-ID: CVE-2014-9335 Plugin Homepage: https://wordpress.org/plugins/dandyid-services/ Version Affected: 1.5.9 probably lower versions Severity: High About Plugin: DandyID is a free service that enables you to connect,...
DandyID Services <= 1.5.9 - Multiple CSRF
Plugin is still affected and has been closed...
WordPress DandyID Services Plugin <= 1.5.9 - Multiple CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...