CVE-2015-0920

Name of the Vulnerable Software and Affected Versions Banner Effect Header plugin version 1.2.6

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack administrator authentication for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the banner effect email parameter in the BannerEffectOptions page to "wp-admin/options-general.php".

Recommendations For Banner Effect Header plugin version 1.2.6, avoid using the banner effect email parameter in the BannerEffectOptions page until the issue is resolved. As a temporary workaround, consider restricting access to the BannerEffectOptions page to minimize the risk of exploitation.