Description

WordPress Plugin Dean's Permalinks Migration is prone to a vulnerability which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. conduct script insertion attacks against the PermalinksMigration page. WordPress Plugin Dean's Permalinks Migration version 1.0 is vulnerable; other versions may also be affected.

Remediation

Do not browse untrusted websites while logged on to WordPress

References

http://www.securityfocus.com/archive/1/archive/1/486840/100/0/threaded

http://secunia.com/advisories/28593/

Related Vulnerabilities

WordPress Plugin WP Database Backup Cross-Site Request Forgery (4.3.5)

WordPress Plugin NewsPlugin Cross-Site Request Forgery (1.0.18)

WordPress Plugin WordPress Photo Gallery by Gallery Bank Cross-Site Scripting (3.0.228)

WordPress Plugin SEOPress, on-site SEO Cross-Site Scripting (5.0.3)

WordPress Plugin Contact Form Builder-a plugin for creating contact and feedback forms Multiple SQL Injection Vulnerabilities (1.0.24)

Severity

High

Classification

CVE-2008-0508 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update CSRF