Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin prior to 2.0.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
Vulnerable Product |
---|
sunil nanda blue wrench video widget 1.0.0 |
sunil nanda blue wrench video widget 1.0.4 |
sunil nanda blue wrench video widget 1.0.2 |
sunil nanda blue wrench video widget |
sunil nanda blue wrench video widget 1.0.3 |
sunil nanda blue wrench video widget 1.0.1 |