Cross-Site Request Forgery Vulnerability in Our Team Showcase Plugin by WordPress
CVE-2014-9523

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 5 January 2015

Summary

The Our Team Showcase plugin for WordPress contains multiple Cross-Site Request Forgery (CSRF) vulnerabilities in versions prior to 1.3. These vulnerabilities allow remote attackers to compromise the authentication of administrators and so make unauthorized changes to plugin settings through various vectors. Attackers can also potentially use the same flaw to conduct Cross-Site Scripting (XSS) attacks by manipulating parameters of the sc_team_settings page in requests to wp-admin/edit.php. Website owners using this plugin should update to the latest version to mitigate this risk.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
