1 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el pluging Dropdown Menu Widget v1.9.1 para WordPress, permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que inserten secuencias de comandos en sitios cruzados. Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.7 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. • http://secunia.com/advisories/52958 http://wordpress.org/plugins/dropdown-menu-widget/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •