MidnightBSD

Advisories for manual_image_crop_project

CVE-2015-9426 LOW

The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
manual_image_crop_project manual_image_crop *