QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9334

Published: Dec 24, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password parameter in the bird-feeder page to wp-admin/options-general.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/129623/WordPress-Bird-Feeder-1.2.3-CSRF-XSS.html

x_refsource_MISC

20141217 Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

mailing-list

x_refsource_FULLDISC

birdfeeder-wordperss-multiple-xss(99474)

vdb-entry

x_refsource_XF

http://www.vulnerability-lab.com/get_content.php?id=1372

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.