CVE-2014-9334

Name of the Vulnerable Software and Affected Versions Bird Feeder plugin version 1.2.3

Description The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the user or password parameter in the "bird-feeder" page to "wp-admin/options-general.php" API endpoint.

Recommendations For Bird Feeder plugin version 1.2.3, consider disabling access to the "bird-feeder" page until a patch is available to prevent exploitation via the user or password parameters. Restrict access to the wp-admin/options-general.php endpoint to minimize the risk of cross-site scripting (XSS) attacks.