CVE-2014-9460

Name of the Vulnerable Software and Affected Versions WP-ViperGB plugin versions prior to 1.3.11

Description The issue allows remote attackers to hijack the authentication of administrators for requests, potentially leading to changes in plugin settings or cross-site scripting (XSS) attacks. This can be achieved via unspecified vectors or through the vgb page or vgb items per pg parameters in the "wp-vipergb" page to "wp-admin/options-general.php".

Recommendations For WP-ViperGB plugin versions prior to 1.3.11, update to version 1.3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-vipergb" page and the "wp-admin/options-general.php" endpoint to minimize the risk of exploitation. Avoid using the vgb page and vgb items per pg parameters in the affected endpoint until the issue is resolved.