CVE-2014-9391

Name of the Vulnerable Software and Affected Versions gSlideShow plugin versions 0.1 and earlier for WordPress

Description The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the rss, display time, or transistion time parameter in the "gslideshow.php" page to "wp-admin/options-general.php".

Recommendations For gSlideShow plugin versions 0.1 and earlier, consider disabling the gslideshow.php page or restricting access to the rss, display time, and transistion time parameters until a patch is available. Avoid using these parameters in the affected page to minimize the risk of exploitation.