Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.

Remediation

References

CVE-2015-7366

Related Vulnerabilities

WordPress Plugin Securimage-WP Cross-Site Scripting (3.2.4)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5615)

WordPress Plugin TextMe SMS Cross-Site Scripting (1.8.8)

Beego Framework Improper Certificate Validation Vulnerability (CVE-2024-40464)

WordPress Plugin CloudFlare Multiple Cross-Site Scripting Vulnerabilities (1.3.20)

Severity

Medium

Classification

CVE-2015-7366 CWE-352

Tags

Missing Update Known Vulnerabilities