CVE-2014-5196

Name of the Vulnerable Software and Affected Versions Improved user search in backend plugin versions prior to 1.2.5

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack administrator authentication for requests that insert XSS sequences via the iusib meta fields parameter.

Recommendations For versions prior to 1.2.5, update to version 1.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the improved-user-search-in-backend.php file in the backend until a patch is applied. Avoid using the iusib meta fields parameter in affected requests until the issue is resolved.