8 matches found
EUVD-2014-9213
Malware in sbrugna...
WordPress Plugin PictoBrowser Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The PictoBrowser plugin is a plugin for photo gallery browsing. WordPress plugin PictoBrowser cross-site request forgery...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter ...
CVE-2014-9392
Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter ...
CVE-2014-9392
The CVE-2014-9392 entry concerns the WordPress PictoBrowser plugin (up to version 0.3.1). A CSRF flaw allows remote attackers to hijack administrator sessions to trigger XSS via the pictoBrowserFlickrUser parameter on options-page.php leading to wp-admin/options-general.php. This combines CSRF wi...
Pictobrowser Gallery <= 0.3.1 - Multiple CSRF
Plugin is still affected and has been closed...
WordPress PictoBrowser 0.3.1 CSRF / XSS
Title: CSRF / Stored XSS Vulnerability in PictoBrowser Wordpress Plugin Author: Manideep K CVE-ID: CVE-2014-9392 Plugin Homepage: https://wordpress.org/plugins/pictobrowser-gallery/ Version Affected: 0.3.1 probably lower versions Severity: High Description: Vulnerable Parameter: all text boxes, t...
WordPress PictoBrowser Plugin <= 0.3.1 - CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...