|
|
CVE Reference: CVE-2007-1244 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1244 |
|
|
Description: Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/32703 SAID Secunia Advisory: SA24566 OSVDB 33787 33788 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0583.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/461351/100/0/threaded BID 22735 |
|
| Return to the previous page. |
