CVE-2014-9437

Name of the Vulnerable Software and Affected Versions Sliding Social Icons plugin version 1.61 for WordPress

Description The issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to change plugin settings or conduct cross-site scripting (XSS) attacks. This can be achieved via the sc social slider margin parameter in a wpbs save settings action in the wpbs panel page to wp-admin/admin.php.

Recommendations For Sliding Social Icons plugin version 1.61, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the wpbs panel page in wp-admin/admin.php to minimize the risk of exploitation. Avoid using the sc social slider margin parameter in the affected wpbs save settings action until the issue is resolved.