1 results (0.000 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php. Múltiples vulnerabilidades de CSRF en el plugin DandyID Services 1.5.9 y anteriores para WordPress permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que provocan ataques de XSS a través del parámetro (1) email_address o (2) sidebarTitle en la página dandyid-services.php hacia wp-admin/options-general.php. WordPress DandyID Services plugin version 1.5.9 suffers from cross site request forgery and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129575/WordPress-DandyID-Services-ID-1.5.9-CSRF-XSS.html https://exchange.xforce.ibmcloud.com/vulnerabilities/99502 • CWE-352: Cross-Site Request Forgery (CSRF) •