ThreatPress

WordPress Vulnerabilities Database

WordPress WP Rollback Plugin <= 1.2.2 - Multiple Vulnerabilities

Product
WP Rollback
Description
This plugin is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. Because of the XSS vulnerability, attackers can display arbitrary unfiltered content via a simple URL, which makes it easy to include any remote malicious JavaScript file. Because of the CSRF vulnerability, anyone can force the installation of any plugin from the repository.
Solution
Update the plugin.
Classification
Type Multi
References
SecuPress
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.2
Fixed In 1.2.3
Disclosure date
2015-06-28
Submitter
ThreatPress