CVE-2014-9400

Name of the Vulnerable Software and Affected Versions Wp Unique Article Header Image plugin version 1.0 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the gt default header or gt homepage header parameter in the "wp-unique-header.php" page to "wp-admin/options-general.php".

Recommendations For Wp Unique Article Header Image plugin version 1.0 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the wp-admin/options-general.php page to minimize the risk of exploitation. Avoid using the gt default header and gt homepage header parameters in the affected page until the issue is resolved.