CVE-2014-9524

Name of the Vulnerable Software and Affected Versions cardoza-facebook-like-box plugin versions prior to 2.8.3 for WordPress

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, potentially leading to changes in plugin settings or cross-site scripting (XSS) attacks. The XSS attacks can be conducted via the frm title, frm url, frm border color, frm width, or frm height parameter in the "slug for fb like box" page to "wp-admin/admin.php".

Recommendations For versions prior to 2.8.3, update the cardoza-facebook-like-box plugin to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation. Avoid using the vulnerable parameters frm title, frm url, frm border color, frm width, or frm height in the affected page until the issue is resolved.