Summary
The host is running WordPress and is prone to cross-site request forgery (CSRF) vulnerabilities.
Impact
A successful attack could lead to execution of arbitrary script code and can cause a denial-of-service condition.
Impact Level: Application
Solution
Upgrade to WordPress version 2.9.2 or later.
For updates, refer to http://wordpress.org/
NOTE: This issue relies on the presence of an independent vulnerability that allows cookie injection.
Insight
The flaw is due to incorrect use of the $_REQUEST superglobal array, which leads to cross-site request forgery (CSRF) attacks via crafted cookies.
Affected
WordPress 2.6.3 and earlier on all platforms.
References
Severity
Classification
- CVE: CVE-2008-5113
CVSS Base Score: 4.0
AV:N/AC:H/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability