CVE-2014-9524
Easy Social Like Box – Popup – Sidebar Widget < 2.8.3 - Cross-Site Scripting
highImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
7.1
CVSS Score
7.1
CVSS Score
high
Severity
2.8.3
Patched in
3329d
Time to patch
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LAttack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Low
Confidentiality
Low
Integrity
Low
Availability
Technical Details
Affected versions
<2.8.3PublishedDecember 12, 2014
Last updatedJanuary 22, 2024
Affected plugincardoza-facebook-like-box
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.