====================================================================================================================
# Exploit Title: WordPress Developer Formatter CSRF Vulnerability
# Google Dork: inurl:devformatter/devformatter.php
# Date: 21/01/13
# Author: Junaid Hussain - [ illSecure Research Group ] -
# Contact: illSecResearchGroup@Gmail.com | Website: illSecure.com
# Software Link: http://wordpress.org/extend/plugins/devformatter/
# Vendor: http://wordpress.org/extend/plugins/devformatter/
# Tested on: CentOS 5
# Version: WordPress Version 3.5, should work on all versions.
====================================================================================================================

[#] Vulnerable Code Page: devinterface.php - Line: 46
[#] No nonce given - Read: http://codex.wordpress.org/Function_Reference/wp_nonce_field

====================================================================================================================

// CSRF Exploit:
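The exploit body is not reproduced on this page. What follows is an added illustration of the defect the advisory names (a plugin settings handler that saves on any POST without a nonce) beside the hardened form using wp_nonce_field() and check_admin_referer(). It is hypothetical example code, not the Developer Formatter plugin's own source; the devfmt_* names and the option being saved are placeholders.

```php
<?php
// Added example, not the plugin's code. Names prefixed devfmt_ are placeholders.

// Vulnerable pattern: any POST carrying the field is accepted. A form on an
// attacker-controlled page submitted by a logged-in admin's browser is
// indistinguishable from the plugin's own settings form.
function devfmt_save_settings_vulnerable() {
    if ( isset( $_POST['devfmt_theme'] ) ) {
        update_option( 'devfmt_theme', sanitize_text_field( $_POST['devfmt_theme'] ) );
    }
}

// Hardened pattern, part 1: the form embeds a per-user, per-action nonce.
function devfmt_render_settings_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'devfmt_save_settings', 'devfmt_nonce' ); ?>
        <input type="text" name="devfmt_theme"
               value="<?php echo esc_attr( get_option( 'devfmt_theme', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Hardened pattern, part 2: capability check, then nonce verification.
function devfmt_save_settings_fixed() {
    if ( ! isset( $_POST['devfmt_theme'] ) ) {
        return;
    }
    // Only users permitted to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() validates the token emitted by wp_nonce_field()
    // for this action and this user, and calls wp_die() when it is absent or
    // stale. A cross-site form cannot obtain that token, so the forged request
    // stops here instead of reaching update_option().
    check_admin_referer( 'devfmt_save_settings', 'devfmt_nonce' );
    update_option( 'devfmt_theme', sanitize_text_field( $_POST['devfmt_theme'] ) );
}
```

The action string passed to wp_nonce_field() and check_admin_referer() must match; the nonce alone does not authorize anything, which is why the current_user_can() check stays in place beside it.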