- A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.
- Users should contact vendors for specific patch information.
- WordPress Plugin Ninja Forms-The Easy and Powerful Forms Builder Cross-Site Request Forgery (2.7.7)
- WordPress Plugin Disable Comments Cross-Site Request Forgery (1.0.3)
- WordPress Plugin Metronet Tag Manager Cross-Site Request Forgery (1.2.7)
- WordPress Plugin Coming Soon/Maintenance mode Ready! Cross-Site Request Forgery (0.5.0)
- Apache 2.x version older than 2.2.9