ThreatPress

WordPress Vulnerabilities Database

WordPress PWG Random Plugin <= 1.11 - Multiple Vulnerabilities

Product
PWG Random
Description
This plugin is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. An attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do, by hijacking the admin's cookies. The parameters "pwgrandom_title" and "pwgrandom_category" are vulnerable.
Solution
Update the plugin.
Classification
Type Multi
References
Packet Storm Security
CVE
Name CVE-N/A
Versions
Affected In <= 1.11
Fixed In 1.12
Disclosure date
2014-12-09
Credits
Manideep K
Submitter
ThreatPress