CVE-2013-6797

Summary

CVE	CVE-2013-6797
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-11-19 04:50:00 UTC
Updated	2013-11-19 19:27:00 UTC
Description	Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.

Risk And Classification

Problem Types: CWE-352

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.0	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.1	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.2	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.3	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.4	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.0	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.1	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.2	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.3	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	1.0.4	-	All	All
Application	Sunil Nanda	Blue Wrench Video Widget	All	-	All	All

References

Reference	Source	Link	Tags
98923	OSVDB	osvdb.org
98922	OSVDB	osvdb.org
Wordpress Plugin Blue-Wrench-Video-Widget CSRF & Persistent XSS 0day Disclosure - SecurityUndefined	MISC	securityundefined.com	Exploit
WordPress › Blue Wrench Video Widget « WordPress Plugins	CONFIRM	wordpress.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.