Cross-Site Request Forgery Vulnerabilities in IndiaNIC Testimonial Plugin for WordPress
CVE-2013-5672
Currently unrated
Summary
The IndiaNIC Testimonial plugin for WordPress versions prior to 2.2 is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to craft malicious requests that hijack the authentication of administrators. Such requests can add testimonials, listing templates, and widget templates without proper authorization. The plugin also allows cross-site scripting (XSS) payloads to be injected through various parameters, such as the project name, client details, and others. Successful exploitation can lead to unauthorized actions and expose sensitive information, posing a significant risk to site integrity and user data.