PT-2015-6430 · WordPress · Wp Smiley

Henri Salo · Published 2015-06-18 · Updated 2015-06-19 · CVE-2015-4140

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: WP Smiley plugin version 1.4.1

Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks. The request is made via the s4w-more parameter of the "smilies4wp.php" settings page, which is reached through "wp-admin/options-general.php".

Recommendations: For WP Smiley plugin version 1.4.1, consider disabling access to the smilies4wp.php page until a patch is available. Restrict the use of the s4w-more parameter in the affected API endpoint to minimize the risk of exploitation.
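The CSRF-to-XSS chain described above exists when a settings page stores or echoes a request parameter without an anti-CSRF token, a capability check, and output escaping. The following hardened settings handler is an added example written for this page; it is not code from the WP Smiley plugin, and the option name `s4w_more_text`, the action name, the hook, the page slug and the required capability are assumptions made for illustration.

```php
<?php
/*
 * Added example: hardened handling of a plugin settings field in WordPress.
 * Not code from the WP Smiley plugin; option, action and page names are hypothetical.
 */

// Hypothetical option and action names used by this example.
const S4W_EXAMPLE_OPTION = 's4w_more_text';
const S4W_EXAMPLE_ACTION = 's4w_save_settings';

// Render the settings form with a nonce tied to the save action.
function s4w_example_render_form() {
    // Only users allowed to manage options get the page at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 's4w-example' ) );
    }
    $current = get_option( S4W_EXAMPLE_OPTION, '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'options-general.php?page=s4w-example' ) ); ?>">
        <?php wp_nonce_field( S4W_EXAMPLE_ACTION, 's4w_nonce' ); ?>
        <input type="hidden" name="action" value="<?php echo esc_attr( S4W_EXAMPLE_ACTION ); ?>">
        <!-- The stored value is escaped for an attribute context, so it cannot break out of the tag. -->
        <input type="text" name="s4w-more" value="<?php echo esc_attr( $current ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Process the submission: capability check, nonce check, sanitize, then store.
function s4w_example_handle_post() {
    if ( ! isset( $_POST['action'] ) || $_POST['action'] !== S4W_EXAMPLE_ACTION ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 's4w-example' ) );
    }
    // check_admin_referer() verifies the nonce and stops execution on failure,
    // so a forged cross-site request without a valid nonce never reaches update_option().
    check_admin_referer( S4W_EXAMPLE_ACTION, 's4w_nonce' );

    $value = isset( $_POST['s4w-more'] ) ? wp_unslash( $_POST['s4w-more'] ) : '';
    // Strip tags on the way in; output is still escaped on the way out.
    $value = sanitize_text_field( $value );
    update_option( S4W_EXAMPLE_OPTION, $value );
}
add_action( 'admin_init', 's4w_example_handle_post' );
```

When reviewing a plugin for this class of bug, look for option updates or echoed request parameters on admin pages that are reachable without `check_admin_referer()` or `wp_verify_nonce()`, and for `$_GET`/`$_POST` values printed without an `esc_*()` function; either gap alone is a finding, and together they give the CSRF-to-XSS chain this advisory describes.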

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers: CVE-2015-4140

Affected Products: Wp Smiley