CVE-2015-9434

Name of the Vulnerable Software and Affected Versions kiwi-logo-carousel plugin versions prior to 1.7.2

Description The issue concerns a CSRF vulnerability that can lead to XSS. It is exploitable via the "wp-admin/edit.php" endpoint, specifically through the post type, page, tab, or tab flags order parameters.

Recommendations For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.