Multiple CSRF Vulnerabilities in Recaptcha Plugin for WordPress
CVE-2011-0759

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-recaptcha
Vendor: CVE Published:; 22 March 2011

What is CVE-2011-0759?

The WP-reCAPTCHA plugin version 2.9.8.2 for WordPress contains several cross-site request forgery (CSRF) vulnerabilities that could enable remote attackers to perform actions on behalf of administrators. These vulnerabilities can facilitate the bypassing of CAPTCHA requirements or the insertion of malicious cross-site scripting (XSS) code through specific request parameters. Attackers may exploit this vulnerability to hijack the authentication process, resulting in unauthorized control over administrative functionalities within the plugin.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66167

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/46909

vdb-entryx_refsource_BID

http://secunia.com/advisories/43771

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2011
Vulnerability Reserved
Feb 3, 2011

Wordpress

What is CVE-2011-0759?

References

Timeline