EUVD-2015-9274

Malware in sbrugna...

CVE-2015-9434

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos=kwlogossettings tab or tabflagsorder parameter...

WordPress kiwi-logo-carousel plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. kiwi-logo-carousel is a rotating effect plugin used in it. A cross-site request forgery vulnerability exists in WordPress kiwi-logo-carousel plugin...

CVE-2015-9434

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos&page=kwlogossettings tab or tabflagsorder parameter...

CVE-2015-9434

The CVE relates to the WordPress plugin kiwi-logo-carousel prior to version 1.7.2, where CSRF enables cross-site scripting (XSS) via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or the tab_flags_order parameter. The underlying issue is CSRF that allows an authenticated attack...

CVE-2015-9434

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos&page=kwlogossettings tab or tabflagsorder parameter...

WordPress Kiwi Logo Carousel Plugin <= 1.7.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Vulnerable parameter is "tabflagsorder". Solution Update this plugin...

WordPress Kiwi Logo Carousel Plugin <= 1.7.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Vulnerable parameter is "tabflagsorder". Solution Update this plugin...