CVE-2014-9397
CVE-2014-9397 describes a CSRF (with potential XSS) vulnerability in the WordPress plugin twimp-wp . The flaw allows remote attackers to hijack an administrator’s session and perform actions by exploiting the parameter message_format in the file twimp-wp.php when accessing wp-admin/options-genera...