Cross-Site Request Forgery Vulnerability in underConstruction Plugin for WordPress
CVE-2013-2699

Currently unrated

Key Information:

Vendor: Wordpress
Status: Underconstruction
Vendor: CVE Published:; 10 April 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the underConstruction plugin for WordPress, specifically in versions prior to 1.09. This flaw allows remote attackers to exploit the authentication of administrators, enabling them to send requests that can deactivate the plugin without the administrators' consent. The attack leverages unspecified vectors, posing a significant risk to website integrity.

References

http://osvdb.org/93857

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/52881

third-party-advisoryx_refsource_SECUNIA

http://wordpress.org/plugins/underconstruction/changelog

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 10, 2014
Vulnerability Reserved
Mar 26, 2013