Cross-Site Request Forgery Vulnerability in WordPress Simple Paypal Shopping Cart Plugin
CVE-2013-2705

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress Simple Paypal Shopping Cart
Vendor: CVE Published:; 13 May 2014

Summary

A cross-site request forgery (CSRF) vulnerability exists in the Simple Paypal Shopping Cart plugin for WordPress versions before 3.6. This flaw allows remote attackers to exploit admin authentication, potentially enabling unauthorized modifications to plugin settings. By tricking authenticated administrators into clicking on a malicious link, attackers can perform actions without the user's consent, resulting in a breach of site integrity.

References

http://www.tipsandtricks-hq.com/ecommerce/wordpress-shopp...

x_refsource_CONFIRM

http://osvdb.org/93953

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/52963

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 13, 2014
Vulnerability Reserved
Mar 26, 2013