WordPress Plugin Vulnerabilities

Improved User Search in Backend < 1.2.6 - CSRF & XSS

Description

The Improved user search in backend WordPress plugin was affected by a CSRF & XSS security vulnerability.

Affects Plugins

Plugin icon
improved-user-search-in-backend
Fixed in 1.2.6

References

CVE
CVE-2014-5196
URL
https://advisories.dxw.com/advisories/csrf-and-xss-in-improved-user-search-allow-execution-of-arbitrary-javascript-in-wordpress-admin-area/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
erwanlr
Verified
No
WPVDB ID
a880f981-bdc6-4fa6-9407-b91d3a828ffe

Timeline

Publicly Published
2014-09-19 (about 11 years ago)
Added
2014-09-19 (about 11 years ago)
Last Updated
2020-10-25 (about 5 years ago)

Other

Published
Title
Published
2023-08-16
Title
WooCommerce PDF Invoice Builder < 1.2.91 - Invoice Fields Creation via CSRF
Published
2024-05-25
Title
Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery
Published
2023-06-02
Title
Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS
Published
2025-04-17
Title
Style Manager <= 2.2.7 - Cross-Site Request Forgery to Settings Update
Published
2025-03-28
Title
OmniLeads Scripts and Tags Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting