CVE-2014-9525

Name of the Vulnerable Software and Affected Versions wp-timed-popup plugin version 1.3

Description The issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to change plugin settings or conduct cross-site scripting (XSS) attacks. The XSS attacks can be performed via the sc popup subtitle parameter in the "wp-popup.php" page to "wp-admin/options-general.php".

Recommendations For wp-timed-popup plugin version 1.3, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the wp-admin/options-general.php page to minimize the risk of cross-site scripting (XSS) attacks via the sc popup subtitle parameter.