ThreatPress

WordPress Vulnerabilities Database


WordPress Our Team Showcase Plugin <= 1.2 - Multiple CSRF and XSS

Product
Our Team Showcase
Description
Multiple cross-site request forgery (CSRF) vulnerabilities allow attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-9523
Versions
Affected In <= 1.2
Fixed In 1.3
Disclosure date
2015-01-05
Credits
Morten Nørtoft