First published: Tue Sep 25 2012
A cross-site request forgery (CSRF) flaw was found in the way WordPress, a blog tool and publishing platform, performed sanitization of parameters while registering the dashboard widget for incoming links. A remote attacker could provide a specially crafted web page that, when visited by a WordPress administrator, could allow the attacker to change the URL of the feed for the incoming links section of the dashboard.

References:
[1] http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html
[2] https://bugs.gentoo.org/show_bug.cgi?id=436198
[3] https://secunia.com/advisories/50715/
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | =3.4.2 | |