RSA Authentication Manager is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
Several vulnerabilities were reported in WordPress. A remote authenticated user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information.