Cross-Site Request Forgery Vulnerability in iMember360 Plugin for WordPress
CVE-2014-8948
Currently unrated
Summary
The iMember360 plugin for WordPress, versions 3.8.012 through 3.9.001, contains a cross-site request forgery (CSRF) vulnerability. Remote attackers can abuse the i4w_trace parameter to potentially hijack the authentication of administrators, leading to unauthorized actions within the application. If successfully exploited, this vulnerability could be combined with other vulnerabilities to execute arbitrary commands, posing a significant security risk to affected WordPress sites.