ThreatPress

WordPress Vulnerabilities Database

WordPress CrossSlide jQuery Plugin <= 2.0.5 - Multiple CSRF

Product
CrossSlide jQuery
Description
These vulnerabilities allow attackers to hijack the authentication of administrators for requests that change plugin settings, or to conduct cross-site scripting (XSS) attacks, via several parameters ("csj_fade", "csj_sleep", "csj_width", "upload_image", "csj_height") in the thisismyurl_csj.php page to wp-admin/options-general.php.
Solution
Upgrade the plugin.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE
Name: CVE-2015-2089
Versions
Affected In: <= 2.0.5
Fixed In: 2.0.6
Disclosure date
2015-02-26
Credits
Morten Nørtoft