Description
WordPress Plugin WP Construction Mode is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WP Construction Mode version 1.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.91 or latest
References
http://www.intelligentexploit.com/view-details.html?id=19379
Related Vulnerabilities
PHP Other Vulnerability (CVE-2006-4023)
WordPress Plugin Asgaros Forum Cross-Site Scripting (1.15.13)
MySQL CVE-2013-1570 Vulnerability (CVE-2013-1570)
WordPress Plugin Hitasoft FLV Player 'id' Parameter SQL Injection (1.1)
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)