ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WhyDoWork AdSense Plugin - Multiple Vulnerabilities

Product
WhyDoWork AdSense
Description
WhyDoWork AdSense plugin is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. These vulnerabilities allow an attacker to execute arbitrary script code in the browser, also, steal cookie-based authentication credentials.
Solution
Update the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-2014-9099
Versions
Affected In <= 1.2
Fixed In 1.3
Disclosure date
2014-07-28
Credits
Dylan Irzi