EUVD-2014-9219

Malware in sbrugna...

WordPress plugin Easy Liveblogs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Workshop on the Economics of Information Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks...

Details from the 2017 Workshop on Economics and Information Security

The 16th Workshop on Economics and Information Security was this week. Ross Anderson liveblogged the talks...

WordPress Plugin Twitter LiveBlog Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Twitter LiveBlog plugin is a plugin for dynamic posting of articles or tweets. The WordPress plugin Twitter LiveBlog cross-site request...

CVE-2014-9398

Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...

CVE-2014-9398

The CVE-2014-9398 entry concerns the WordPress Twitter LiveBlog plugin (versions 1.1.2 and earlier). The vulnerability is a CSRF flaw that allows an attacker to hijack an administrator’s authenticated session to perform actions that may enable XSS via the mashtlb_twitter_username parameter in twi...

CVE-2014-9398

Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...

Twitter Liveblog <= 1.1.2 - Multiple CSRF

Plugin is still affected and has been closed...

WordPress Twitter LiveBlog 1.1.2 CSRF / XSS

Title: CSRF / Stored XSS Vulnerability in Twitter LiveBlog Wordpress Plugin Author: Manideep K CVE-ID: CVE-2014-9398 Plugin Homepage: https://wordpress.org/plugins/twitter-liveblog/ Version Affected: 1.1.2 probably lower versions Severity: High Description: Vulnerable Parameter:...

WordPress Twitter LiveBlog Plugin <= 1.1.2 - CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...