Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-31T21:00:00

Updated: 2024-08-06T13:40:25.216Z

Reserved: 2014-12-17T00:00:00

Link: CVE-2014-9401

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-31T21:59:14.077

Modified: 2024-11-21T02:20:47.293

Link: CVE-2014-9401

cve-icon Redhat

No data.