CVE-2015-2089

Name of the Vulnerable Software and Affected Versions crossslide-jquery-plugin-for-wordpress version 2.0.5

Description The issue allows remote attackers to hijack the authentication of administrators for requests, potentially leading to changes in plugin settings or cross-site scripting (XSS) attacks. This is achieved via the csj width, csj height, csj sleep, csj fade, or upload image parameter in the "thisismyurl csj.php" page to "wp-admin/options-general.php".

Recommendations For crossslide-jquery-plugin-for-wordpress version 2.0.5, consider disabling the plugin until a patch is available to prevent potential exploitation. As a temporary workaround, restrict access to the "thisismyurl csj.php" page and the parameters csj width, csj height, csj sleep, csj fade, and upload image to minimize the risk of hijacking administrator authentication.