Description
WordPress Plugin WP Coder-add custom html, css and js code is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WP Coder-add custom html, css and js code version 2.5.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.5.3 or latest
References
Related Vulnerabilities
WordPress Plugin WP Accessibility Cross-Site Scripting (1.6.10)
Moodle Improper Access Control Vulnerability (CVE-2015-2267)
WordPress Plugin Site Import Remote File Inclusion (1.0.1)
WordPress Plugin Sagenda-Free booking system PHP Object Injection (1.3.2)
WordPress Plugin File Manager Unspecified Vulnerability (4.1.4)