ThreatPress

WordPress Vulnerabilities Database

WordPress Miwo FTP Plugin 1.0.5 - Multiple CSRF and XSS Vulnerabilities

Product
Miwo FTP
Description
These vulnerabilities allow an attacker to execute certain actions via HTTP requests and in that way perform other actions with administrative privileges. Also, "get" and "post" parameters are not properly sanitised, which can be used to execute arbitrary HTML code in a user's browser session in the context of an affected site. Other attacks are also possible.
Solution
Update the plugin.
Classification
Type Multi
References
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.5
Fixed In 1.0.6
Disclosure date
2015-04-14
Credits
LiquidWorm