Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php.

Remediation

References

CVE-2014-9441

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18098)

Oracle JRE CVE-2013-2416 Vulnerability (CVE-2013-2416)

WordPress Plugin Catch Themes Demo Import Remote Code Execution (2.1)

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.11.19)

WordPress Plugin Real Estate Website Builder 'ajax_action' Parameter Cross-Site Scripting (0.1.0)

Severity

Medium

Classification

CVE-2014-9441 CWE-352

Tags

Missing Update Known Vulnerabilities