Description

WordPress Plugin Calendar is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Calendar version 1.3.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.3.3 or latest

References

http://secunia.com/advisories/52841/

http://www.securityfocus.com/bid/59661/

Related Vulnerabilities

PrestaShop Improper Privilege Management Vulnerability (CVE-2013-6295)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.14.7)

WordPress Plugin Simple Ajax Shoutbox SQL Injection (2.2.1)

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-4094)

WordPress Plugin Advanced post slider Unspecified Vulnerability (2.4.0)

Severity

High

Classification

CVE-2013-2698 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update CSRF