cleantalk
Vulnerabilities and Security Researches

Login Widget With Shortcode, CVE-2014-6312

CVE, Research URL

CVE-2014-6312

Home page URL

Security reports for Login Widget With Shortcode

Application

Login Widget With Shortcode

Published on
Oct 15, 2014
Research Description
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.
Affected versions
max 3.2.1.
Status
vulnerable
Previous vulnerability researches
Login Widget With Shortcode (21810fc06f090bf5de5db5f384212ac96d3c2abd) , Jun 16, 2026
Login Widget With Shortcode (2d2da6f6-fbf4-4cfd-b671-356abfab3a38) , Jun 16, 2026
Login Widget With Shortcode (CVE-2014-6312) , Jun 06, 2024
Login Widget With Shortcode (52e985c42e71678e994e44c7eccedfdaab3c457f) , Jun 16, 2026
Login Widget With Shortcode (CVE-2024-54255) , Dec 11, 2024
New vulnerability
SS Downloads (6def7429-cfd3-442c-927c-accc1715f889) , Jun 16, 2026
SS Downloads (2d60485b-d7a3-425a-8b3c-918e1d9fb337) , Jun 16, 2026
SS Downloads (00d99cc7-9ea4-4b6c-b330-f616d0738930) , Jun 16, 2026
SS Downloads (7eb88106-453f-48a7-8490-2e88fa01ad34) , Jun 16, 2026
SS Downloads (c9fa65e8-08ce-4a6e-b253-aee1ae837d22) , Jun 16, 2026