6 matches found
EUVD-2014-9166
Malware in sbrugna...
CVE-2014-9341
Multiple cross-site request forgery CSRF vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 yurllogin or 2 yurlanchor parameter in the...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 yurllogin or 2 yurlanchor parameter in the...
CVE-2014-9341
Multiple cross-site request forgery CSRF vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 yurllogin or 2 yurlanchor parameter in the...
CVE-2014-9341
CVE-2014-9341 affects the WordPress plugin yURL ReTwitt (version 1.4 and earlier). The vulnerability is a combination of CSRF and XSS: remote attackers can hijack an administrator’s session to perform actions via requests that trigger XSS through the yurl_login or yurl_anchor parameters on the yu...
WordPress yURL ReTwitt Plugin <= 1.4 - Multiple CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution This plugin is closed...