Published: 30/12/2013 Updated: 31/12/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that move comments to the moderation list.


source: wwwsecurityfocuscom/bid/64564/info WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application Other attacks are also possible WordPress ...