Back to search
CVE-2015-4140
Published: Jun 18, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20150531 Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress
mailing-list
x_refsource_MLIST
74914
vdb-entry
x_refsource_BID
[oss-security] 20150529 CVE request: XSS and CSRF in WP Smiley plugin for WordPress
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now