WordPress Plugin Vulnerabilities

Login Widget With Shortcode 3.1.1 - CSRF/XSS

Description

The Login Widget With Shortcode WordPress plugin was affected by a CSRF/XSS security vulnerability.

Affects Plugins

Plugin icon
login-sidebar-widget
Fixed in 3.2.1

References

CVE
CVE-2014-6312
URL
https://packetstormsecurity.com/files/#128291/
URL
https://seclists.org/fulldisclosure/2014/Sep/58
URL
https://advisories.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do/

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
5f66d015-07ce-47aa-b643-7d77e9c9717b

Timeline

Publicly Published
2014-09-21 (about 11 years ago)
Added
2014-09-21 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2015-05-21
Title
WP Membership <= 1.2.3 - Multiple Vulnerabilities
Published
2017-04-01
Title
Image Gallery with Slideshow <= 1.5.2 - Multiple XSS and SQL Injection
Published
2016-03-07
Title
SP Projects & Document Manager < 2.6.0.0 - Multiple Vulnerabilities
Published
2014-08-01
Title
WordPress 3.3.1 - Multiple Vulnerabilities including XSS & Privilege Escalation
Published
2017-05-31
Title
Tribulant Newsletters < 4.6.5 – Multiple Vulnerabilities