Cross-Site Request Forgery Vulnerability in iMember360 Plugin for WordPress
CVE-2014-8948

Currently unrated

Key Information:

Vendor

Wordpress
Status
Imember360
Vendor
CVE Published:
16 November 2014

What is CVE-2014-8948?

The iMember360 plugin for WordPress versions 3.8.012 through 3.9.001 contains a cross-site request forgery (CSRF) vulnerability. This allows remote attackers to exploit the i4w_trace parameter and potentially hijack the authentication of administrators, leading to unauthorized actions within the application. If successfully utilized, this vulnerability could be combined with other vulnerabilities to execute arbitrary commands, thus posing a significant security risk to affected WordPress sites.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/58094
third-party-advisoryx_refsource_SECUNIA
http://packetstormsecurity.com/files/126324/WordPress-iMe...
x_refsource_MISC
http://www.exploit-db.com/exploits/33076
exploitx_refsource_EXPLOIT-DB

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.