
CSRF attack in WordPress
Vulnerability: CSRF attack in WordPress (XSS)
1. CSRF attack in WordPress Facebook Members
Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2013-2703
Attack vector: Remote
Impact: Cross-Site Scripting
Affected products: WordPress Facebook Members Plugin 5.x
Affected versions: WordPress Facebook Members 5.0.4, possibly earlier.
Description:
The vulnerability can be exploited by malicious people to conduct XSS attacks.
The vulnerability is caused by the plugin not verifying the authenticity of HTTP requests that perform certain actions. This makes a CSRF attack possible, which can be used to manipulate the settings.
Vendor URL: http://crunchify.com/facebook-members/
Solution: Update to version 5.0.5 from the vendor's website.
Links:
http://wordpress.org/extend/plugins/facebook-members/changelog/
2. CSRF attack in WordPress Easy AdSense Lite
Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2013-2702
Attack vector: Remote
Impact: Cross-Site Scripting
Affected products: WordPress Easy AdSense Plugin 6.x
Affected versions: WordPress Easy AdSense Lite 6.06, possibly earlier.
Description:
The vulnerability can be exploited by malicious people to conduct XSS attacks.
The vulnerability is caused by the plugin not verifying the authenticity of HTTP requests that perform certain actions. This makes a CSRF attack possible, which can be used to manipulate the plugin's settings.
Vendor URL: http://wordpress.org/extend/plugins/easy-adsense-lite/
Solution: Install the latest version 6.10 from the vendor.
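
The request check that both advisories describe as missing, shown as an added example of a WordPress settings handler that verifies a nonce before saving and escapes the stored value on output. This is not code from either plugin; the option, action and nonce field names (`example_widget_title`, `example_save_settings`, `example_nonce`) are hypothetical.

```php
<?php
/*
Plugin Name: Example Settings CSRF Guard (added illustration)
*/
// All names prefixed "example_" are hypothetical and not taken from either plugin.

// Register a settings page under Settings in wp-admin.
add_action('admin_menu', function () {
    add_options_page('Example Settings', 'Example Settings', 'manage_options',
        'example-settings', 'example_render_settings');
});

// The form posts to admin-post.php with action=example_save_settings.
add_action('admin_post_example_save_settings', 'example_save_settings');

function example_save_settings() {
    // 1. Authorisation: only users who may manage options can change settings.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.', '', array('response' => 403));
    }
    // 2. CSRF check: stops the request unless it carries a valid nonce that
    //    was issued to this user's session for this specific action.
    check_admin_referer('example_save_settings', 'example_nonce');

    // 3. Sanitise on input so markup is not stored in the option.
    $title = isset($_POST['example_widget_title'])
        ? sanitize_text_field(wp_unslash($_POST['example_widget_title']))
        : '';
    update_option('example_widget_title', $title);

    wp_safe_redirect(admin_url('options-general.php?page=example-settings&updated=1'));
    exit;
}

function example_render_settings() {
    $title = get_option('example_widget_title', '');
    ?>
    <div class="wrap">
      <h1>Example Settings</h1>
      <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field('example_save_settings', 'example_nonce'); // emits the hidden nonce ?>
        <input type="text" name="example_widget_title" value="<?php echo esc_attr($title); // escape on output ?>">
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```

Without step 2, a form on a third-party page that an administrator visits while logged in could submit the same POST and change the setting; without the sanitising and escaping, the changed value could carry script, which is how a CSRF issue ends up with an XSS impact.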