CVE-2008-0508: XSS
First published: Thu Jan 31 2008(Updated: )
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Permalinks Migration Plugin | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://g30rg3x.com/wp-files/dpm_11gx.zip
- http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10
- http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt
- http://secunia.com/advisories/28593
- http://securityreason.com/securityalert/3595
- http://www.vupen.com/english/advisories/2008/0281
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39845
- http://www.securityfocus.com/archive/1/486840/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0508?
CVE-2008-0508 is classified as a moderate severity vulnerability due to its potential for exploitation via cross-site request forgery (CSRF).
How do I fix CVE-2008-0508?
To fix CVE-2008-0508, it is recommended to update the WordPress Permalinks Migration Plugin to a secure version or remove it altogether if no longer needed.
What type of attacks can exploit CVE-2008-0508?
CVE-2008-0508 can be exploited through cross-site request forgery attacks, allowing unauthorized modifications of configuration settings.
Which versions of the WordPress Permalinks Migration Plugin are affected by CVE-2008-0508?
CVE-2008-0508 specifically affects version 1.0 of the WordPress Permalinks Migration Plugin.
Can CVE-2008-0508 lead to unauthorized access?
Yes, CVE-2008-0508 can potentially lead to unauthorized access by allowing attackers to change configuration settings as if they were legitimate administrators.
- agent/weakness
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/wordpress
- canonical/wordpress permalinks migration plugin
- version/wordpress permalinks migration plugin/1.0