Cross-Site Request Forgery Vulnerability in WhyDoWork AdSense Plugin for WordPress
CVE-2014-9099

Currently unrated

Key Information:

Vendor: Wordpress
Status: Whydowork Adsense
Vendor: CVE Published:; 26 November 2014

What is CVE-2014-9099?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WhyDoWork AdSense plugin version 1.2 for WordPress. This flaw allows remote attackers to exploit administrator sessions by sending harmful requests to the admin panel. The attack is executed through an unauthorized request directed at the whydowork_adsense page within the wp-admin/options-general.php area, potentially leading to session hijacking and unauthorized actions being performed on behalf of the administrator.

References

http://www.securityfocus.com/bid/68954

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/127658/WordPress-Why...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 26, 2014

Wordpress

What is CVE-2014-9099?

References

Timeline