Quick Post Widget Plugin Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

Quick Post Widget plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.

Quick Post Widget 1.9.1 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus