Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attacks via...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attacks via...

CVE-2014-9437

Multiple cross-site request forgery CSRF vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attacks via...

CVE-2014-5199

Cross-site request forgery CSRF vulnerability in the WordPress File Upload plugin wp-file-upload before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...

CVE-2014-5199

CVE-2014-5199 is a CSRF vulnerability in the WordPress File Upload plugin (wp-file-upload) for WordPress, affecting versions before 2.4.2. The issue allows remote attackers to hijack the administrator’s authentication for requests that change plugin settings via unspecified vectors. Root cause is...

WordPress File Upload Plugin <= 2.4.1 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. Solution Update the plugin...

CVE-2014-3850

Cross-site request forgery CSRF vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to...

CVE-2014-3845

Cross-site request forgery CSRF vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third par...

CVE-2014-3845

CVE-2014-3845 affects the TinyMCE Color Picker WordPress plugin before version 1.2. The vulnerability is a Cross-site request forgery (CSRF) that allows remote attackers to hijack the authentication of unspecified users to perform requests that change plugin settings via unknown vectors. The unde...

CVE-2014-3844

The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings...

CVE-2013-2705

Cross-site request forgery CSRF vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings...

CVE-2013-2708

Cross-site request forgery CSRF vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors...

CVE-2013-2693

Cross-site request forgery CSRF vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors...

CVE-2013-3251

Cross-site request forgery CSRF vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors...

WordPress XCloner插件跨站请求伪造漏洞

WordPress是一款内容管理系统。 应用程序允许用户通过未经验证检查的HTTP请求执行某些操作，攻击者可以利用漏洞在欺骗管理员用户登录特制网页时操纵插件设置。 0 WordPress XCloner Plugin 3.x WordPress XCloner Plugin 3.1.1版本以修复此漏洞，建议用户下载使用： http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/...