CSRF Vulnerability in Sentinel Plugin for WordPress by WordPress
CVE-2011-5226

Currently unrated

Key Information:

Vendor: Wordpress
Status: Sentinel
Vendor: CVE Published:; 25 October 2012

Summary

The Sentinel plugin version 1.0.0 for WordPress is vulnerable to Cross-Site Request Forgery (CSRF), which allows attackers to exploit the authentication of administrators. By crafting malicious requests, an attacker can hijack an admin’s session and trigger actions such as creating snapshots without permission. Users of the plugin should take immediate steps to update to the latest version to safeguard against this vulnerability.

References

http://www.securityfocus.com/bid/51089

vdb-entryx_refsource_BID

http://wordpress.org/extend/plugins/wordpress-sentinel/ch...

x_refsource_CONFIRM

http://osvdb.org/77778

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Oct 25, 2012
Vulnerability Reserved
Oct 25, 2012