Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2014-9441 - Vulnerability Database
lightbox2

lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2014-9441

Medium
Reference: CVE-2014-9441
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9441
Title: lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__optimage2_url or (3) ll__optimage3_url parameter in a ll_save_settings action to wp-admin/admin-ajax.php.