Security Advisory

CVE-2014-9414

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-12-24 18:00:00

Last updated 2024-08-06 13:40:25

Assigner mitre

State PUBLISHED

Description

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the mobile_groups[*][redirect] parameter and an empty _wpnonce parameter in the w3tc_mobile page to wp-admin/admin.php.

← Browse all CVEs View on cve.org ↗