Posted by dxw Security on Apr 16

Details
================
Software: WordPress Content Slide
Version: 1.4.2
Homepage: http://wordpress.org/plugins/content-slide/
Advisory report:
https://security.dxw.com/advisories/csrf-and-stored-xss-in-wordpress-content-slide-allow-an-attacker-to-have-full-admin-privileges/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)

Description
================
CSRF and stored XSS in WordPress Content Slide allow an attacker to…