CVE-2014-9525
CVE-2014-9525 affects the WordPress Timed Popup (wp-timed-popup) plugin v1.3. It contains CSRF vulnerabilities that allow remote attackers to hijack administrator authentication to change plugin settings via unspecified vectors, and also to perform XSS through the sc_popup_subtitle parameter on w...