ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Dropdown Menu Widget Plugin <= 1.7.1 - CSRF and XSS

Product
Dropdown Menu Widget
Description
Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2013-2704
Versions
Affected In <= 1.9.1
Fixed In 1.9.2
Disclosure date
2013-03-26