Description
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)
WordPress Plugin WooCommerce-Store Exporter Multiple Cross-Site Scripting Vulnerabilities (1.7.5)
WordPress Plugin RSVPmaker Excel Cross-Site Scripting (1.1)
WordPress Plugin Fetch Tweets Unspecified Vulnerability (1.3.3.6)