CSRF Vulnerability in Dropdown Menu Widget for WordPress by WordPress
CVE-2013-2704
Currently unrated
Summary
The Dropdown Menu Widget plugin for WordPress version 1.9.1 contains a cross-site request forgery (CSRF) vulnerability that allows remote attackers to abuse an authenticated user's session. By tricking an authenticated user into submitting a crafted request, an attacker could cause unauthorized actions to be executed on that user's behalf without the user intending it. The forged request can carry malicious input, such as cross-site scripting (XSS) sequences, compromising the security of the application and affecting user data integrity. Users are advised to follow security best practices, such as updating to the latest version and employing proper access controls.
References
Timeline
Vulnerability Reserved
Vulnerability Published