EUVD-2012-4846

Malware in sbrugna...

DVS Custom Notification - Cross-Site Request Forgery

The dvs-custom-notification WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...

CVE-2012-4921

Multiple cross-site request forgery CSRF vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change application settings or 2 conduct cross-site scripting XSS attacks...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change application settings or 2 conduct cross-site scripting XSS attacks...

CVE-2012-4921

The CVE-2012-4921 entry concerns the WordPress plugin DVS Custom Notification (versions

CVE-2012-4921

Multiple cross-site request forgery CSRF vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change application settings or 2 conduct cross-site scripting XSS attacks...

WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks orchange application settings. Solution Update the plugin...