CVE-2014-6312

Name of the Vulnerable Software and Affected Versions Login Widget With Shortcode (login-sidebar-widget) plugin versions prior to 3.2.1

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the custom style afo parameter on the "login widget afo" page to "wp-admin/options-general.php".

Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the login widget afo page and the wp-admin/options-general.php endpoint to minimize the risk of exploitation. Avoid using the custom style afo parameter in the affected login widget until the issue is resolved.