WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5113)

Description

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

Remediation

References

Related Vulnerabilities

WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2)

WordPress Plugin Appointment Scheduling for Zoom GoogleMeet and more-Wappointment Cross-Site Scripting (2.2.4)

Jboss EAP Improper Input Validation Vulnerability (CVE-2019-12400)

WordPress Plugin Warranties and Returns for WooCommerce Security Bypass (5.2.1)

MySQL Other Vulnerability (CVE-2016-0705)

Severity

Medium

Classification

CVE-2008-5113 CWE-352

Tags

Missing Update Known Vulnerabilities