CVE-2014-9129

Currently unrated

Key Information:

Vendor: Wordpress
Status: Cm Download Manager
Vendor: CVE Published:; 5 December 2014

Summary

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.

References

https://downloadsmanager.cminds.com/release-notes/

x_refsource_CONFIRM

http://packetstormsecurity.com/files/129357/WordPress-CM-...

x_refsource_MISC

http://www.securityfocus.com/archive/1/534132/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 5, 2014
Vulnerability Reserved
Nov 28, 2014