ThreatPress

WordPress Vulnerabilities Database

Back

WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS

Product
DVS Custom Notification
Description
Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks orchange application settings.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2012-4921
Versions
Affected In <= 1.0.1
Fixed In 1.0.2
Disclosure date
2012-09-14