Cross-Site Request Forgery Vulnerabilities in IndiaNIC Testimonial Plugin for WordPress
CVE-2013-5672

Currently unrated

Key Information:

Vendor

Wordpress
Status
Testimonial Plugin
Vendor
CVE Published:
10 September 2013

What is CVE-2013-5672?

The IndiaNIC Testimonial plugin for WordPress versions prior to 2.2 is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities could enable remote attackers to craft malicious requests that hijack the authentication of administrators. Attackers can exploit this to add testimonials, listing templates, and widget templates without proper authorization. Furthermore, the plugin allows the injection of cross-site scripting (XSS) payloads through various parameters such as project name, client details, and more. Successful exploitation can lead to unauthorized actions and expose sensitive information, posing a significant risk to site integrity and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/62109
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2013/Sep/5
mailing-listx_refsource_FULLDISC
http://seclists.org/oss-sec/2013/q3/531
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.