ThreatPress

WordPress Vulnerabilities Database

WordPress Mobile Domain Plugin <= 1.5.2 - Multiple CSRF

Product
Mobile Domain
Description
Because of multiple cross-site request forgery vulnerabilities, remote attackers can change the plugin's admin settings by tricking a logged-in admin into visiting a crafted page.
Solution
Upgrade the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE
Name CVE-2015-1581
Versions
Affected In <= 1.5.2
Fixed In 1.5.3
Disclosure date
2015-02-11
Credits
Morten Nørtoft