CSRF Vulnerability in WP125 Plugin for WordPress
CVE-2013-2700
Currently unrated
Summary
The WP125 plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability that allows remote attackers to perform unauthorized actions on behalf of administrators. The vulnerability affects the Add/Edit page (adminmenus.php), where an attacker can use an authenticated administrator's session to add or edit advertisements through crafted requests. Users of WP125 should upgrade to version 1.5.0 or later to mitigate this risk.