Cross-Site Request Forgery Vulnerability in Featured Comments Plugin for WordPress
CVE-2014-4163
Currently unrated
Summary
Version 1.2.1 of the Featured Comments plugin for WordPress contains multiple Cross-Site Request Forgery (CSRF) vulnerabilities. They allow remote attackers to hijack the authentication of administrators for requests that change a comment's status to either buried or featured. This poses a significant risk to the integrity of comment management on affected WordPress sites.