Vulnerabilities > Whydowork Adsense Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-26 | CVE-2014-9100 | Cross-Site Scripting vulnerability in Whydowork Adsense Project Whydowork Adsense 1.2 Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php. | 4.3 |
2014-11-26 | CVE-2014-9099 | Cross-Site Request Forgery (CSRF) vulnerability in Whydowork Adsense Project Whydowork Adsense 1.2 Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | 6.8 |