Description

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.

Remediation

References

CVE-2013-7233

Related Vulnerabilities

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1582)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4340)

Apache HTTP Server Improper Access Control Vulnerability (CVE-2016-4979)

Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-30556)

WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (1.7.0)

Severity

Medium

Classification

CVE-2013-7233 CWE-352

Tags

Missing Update Known Vulnerabilities