CVE-2015-1581

Name of the Vulnerable Software and Affected Versions Mobile Domain plugin version 1.5.2 for WordPress

Description The issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to change plugin settings or conduct cross-site scripting (XSS) attacks. This is achieved via the domain, text, font, fontcolor, color, or padding parameter in an add-domain action in the "mobile-domain" page to "wp-admin/options-general.php".

Recommendations For Mobile Domain plugin version 1.5.2, consider disabling the add-domain action in the mobile-domain page until a patch is available to prevent exploitation. Restrict access to the wp-admin/options-general.php page to minimize the risk of exploitation. Avoid using the domain, text, font, fontcolor, color, or padding parameters in the affected action until the issue is resolved.