Login Widget With Shortcode 3.1.1 - CSRF/XSS

Affects Plugin

fixed in version 3.2.1

References

CVE 2014-6312
PacketStorm 128291
URL https://seclists.org/fulldisclosure/2014/Sep/58
URL https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do/

Classification

Type MULTI

Miscellaneous

Submitter pvdl
Views 6485
Verified No
WPVDB ID 7577

Timeline

Publicly Published 2014-09-21 (almost 6 years ago)
Added 2014-09-21 (almost 6 years ago)
Last Updated 2019-10-21 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin