CVE-2007-1244
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/29682 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0583.html
http://osvdb.org/33787
http://osvdb.org/33788
http://secunia.com/advisories/24566
https://exchange.xforce.ibmcloud.com/vulnerabilities/32703
http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml
http://www.securityfocus.com/archive/1/461351/100/0/threaded
http://www.securityfocus.com/bid/22735