ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Comment Remix Plugin <= 1.4.3 - CSRF

Product
WP Comment Remix
Description
Because of this vulnerability, the attackers can perform unauthorized actions as administrators via a request that sets the "wpcr_hidden_form_input" parameter.
Solution
Update the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE
Name CVE-2008-4734
Versions
Affected In <= 1.4.3
Fixed In 1.4.4
Disclosure date
2008-10-24