Cross-Site Request Forgery Vulnerability in Blue Wrench Video Widget Plugin
CVE-2013-6797

Currently unrated

Key Information:

Vendor: Wordpress
Status: Blue Wrench Video Widget
Vendor: CVE Published:; 19 November 2013

What is CVE-2013-6797?

The Blue Wrench Video Widget plugin for WordPress contains a CSRF vulnerability that allows remote attackers to exploit the bw_url parameter. By embedding malicious URLs, attackers can hijack administrator authentication and execute unauthorized actions. This flaw affects users of versions prior to 2.0.0, making it crucial for site administrators to update to mitigate potential risks. Exercise caution when implementing this plugin, especially with untrusted URLs.

References

http://wordpress.org/plugins/blue-wrench-videos-widget/ch...

x_refsource_CONFIRM

http://osvdb.org/98923

vdb-entryx_refsource_OSVDB

http://osvdb.org/98922

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 19, 2013

Wordpress

What is CVE-2013-6797?

References

Timeline