2 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php...
CVE-2014-2675
CVE-2014-2675 concerns the WordPress WP HTML Sitemap plugin (version 1.2) and its file inc/AdminPage.php. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows an attacker to hijack the administrator’s authentication to perform a sensitive action: deleting the sitemap via a request...