ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Banner Effect Header Plugin <= 1.2.6 - Multiple Vulnerabilities

Product
Banner Effect Header
Description
A cross site request forgery and cross site scripting are in this plugin. Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks via the "banner_effect_email" parameter, that is in the BannerEffectOptions page to wp-admin/options-general.php.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2015-0920
Versions
Affected In <= 1.2.6
Fixed In 1.2.7
Disclosure date
2015-01-08