The WP Simple Adsense Insertion WordPress plugin prior to 2.1 does not perform CSRF checks on updates to its admin page, allowing an malicious user to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tipsandtricks-hq wp simple adsense insertion |