CVE-2013-2704 – Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-2704

Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el pluging Dropdown Menu Widget v1.9.1 para WordPress, permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que inserten secuencias de comandos en sitios cruzados. Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.7 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. • http://secunia.com/advisories/52958 http://wordpress.org/plugins/dropdown-menu-widget/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •