ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Login Widget With Shortcode Plugin 3.1.1 - Multiple Vulnerabilities

Product
Login Widget With Shortcode
Description
Login Widget With Shortcode plugin is prone to CSRF and XSS vulnerabilities that allow an attacker to insert arbitrary HTML into an admin page. Then an attacker can use Javascript to control an admin user’s browser and create user accounts, posts, etc.
Solution
Update the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE- 2014-6312
Versions
Affected In <= 3.1.1
Fixed In 3.1.2
Disclosure date
2014-09-25
Credits
dxw