Exploit Database - Logo

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

EDB-ID: 38924 Author: MustLive Published: 2013-12-17
CVE: CVE-2013-7233 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/64564/info

WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.

WordPress 2.0.11 is vulnerable.

http://www.example.com/wp-admin/options-discussion.php?action=retrospam&move=true&ids=1
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2013-7233
Trying to match OSVDBs (1): 101184
Trying to match setup file: caa62170e15c30cbed58be4f29556968
Other Possible E-DB Search Terms: WordPress 2.0.11,  WordPress
Date D V Title Author
2009-11-10 Verified WordPress MU 1.2.2 < 1.3.1 - '/wp-includes/wpmu-functions.php' Cross-Site ScriptingJuan Galian...
2011-03-08 Verified WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL InjectionHigh-Tech B...
2012-05-15 Verified WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting VulnerabilitiesHeine Pedersen
2016-12-19 Waiting verification WordPress Plugin 404 Redirection Manager 1.0 - SQL InjectionAhmed Sherif
2012-09-26 Verified WordPress Plugin ABC Test - 'id' Cross-Site ScriptingScott Herbert
2010-12-22 Verified WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scriptingclshack
2016-05-04 Waiting verification WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site ScriptingJohto Robbie
2013-05-27 Verified WordPress Plugin ADIF Log Search Widget - 'logbook_search.php' Cross-Site Scriptingk3170makan
2017-07-25 Waiting verification WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection8bitsec
2015-10-18 Waiting verification WordPress Plugin Ajax Load More < 2.8.2 - Arbitrary File UploadPizzaHatHacker
2012-10-01 Verified WordPress Plugin Akismet - Multiple Cross-Site Scripting VulnerabilitiesTapco Security
2017-03-09 Waiting verification WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File DownloadIhsan Sencan
2017-03-09 Waiting verification WordPress Plugin Apptha Slider Gallery 1.0 - SQL InjectionIhsan Sencan
2011-09-14 Verified WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injectionsherl0ck_
2011-01-23 Verified WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site ScriptingAutoSec Tools
2011-02-28 Verified WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure VulnerabilitiesDanilo Massa
2013-03-25 Verified WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML InjectionFernando A....
2011-06-26 Waiting verification WordPress Plugin Beer Recipes 1.0 - Cross-Site ScriptingTheUzuki.'
2011-01-25 Verified WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site ScriptingAutoSec Tools
2016-08-01 Waiting verification WordPress Plugin Booking Calendar 6.2 - SQL InjectionEdwin Molenaar
2016-02-08 Waiting verification WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilitiesi0akiN SEC-...
2016-01-25 Waiting verification WordPress Plugin Booking Calendar Contact Form 1.1.23 - Unauthenticated SQL Injectioni0akiN SEC-...
2016-01-27 Waiting verification WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injectioni0akiN SEC-...
2016-01-27 Waiting verification WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilitiesi0akiN SEC-...
2011-07-11 Verified WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection VulnerabilitiesIHTeam
Menu