ThreatPress

WordPress Vulnerabilities Database

WordPress Occasions Plugin 1.0.4 - CSRF Vulnerability

Product
Occasions
Description
This vulnerability allows JavaScript to be entered in the occ_content1 parameter when occ_type1=1.
Solution
Update the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.4
Fixed In 1.0.5
Disclosure date
2013-03-19
Credits
m3tamantra