VULNERABILITIES / FIXES - August 15, 2013
by Carol~ - 8/15/13 10:03 AM
WordPress Shareaholic Plugin Cross-Site Request Forgery Vulnerability
Release Date : 2013-08-15
Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch
Software: WordPress Shareaholic Plugin 7.x
A vulnerability has been reported in the Shareaholic plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The plugin allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in user visits a specially crafted web page.
The vulnerability is reported in versions prior to 184.108.40.206.
Update to version 220.127.116.11.
Provided and/or discovered by:
Reported by the vendor.