Wordpress Invalid CSRF Token Cross-Site Scripting Vulnerability
BID:21893
Info
| Bugtraq ID: | 21893 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 28 2006 12:00AM |
| Updated: | Jan 05 2007 10:46PM |
| Credit: | Stefan Esser is credited with the discovery of this vulnerability. |
| Vulnerable: | WordPress (B2) 0.6.2.1, WordPress (B2) 0.6.2, WordPress 2.0.5, WordPress 2.0.4, WordPress 2.0.3, WordPress 2.0.2, WordPress 2.0.1, WordPress 2.0, WordPress 1.5.2, WordPress 1.5.1.3, WordPress 1.5.1.2, WordPress 1.5.1, WordPress 1.5, WordPress 1.2.2, WordPress 1.2.1, WordPress 1.2, WordPress 0.71, WordPress 0.7 |
| Not Vulnerable: | WordPress 2.0.6 |
Discussion
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to 2.0.5 are vulnerable to this issue.
Exploit / POC
An attacker may exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor has addressed this issue in WordPress version 2.0.6; please see the reference section for details.
Fix for every affected version listed below: upgrade to WordPress 2.0.6 (latest.zip), available from http://www.wordpress.com/latest.zip

- WordPress (B2) 0.6.2.1
- WordPress (B2) 0.6.2
- WordPress 0.7
- WordPress 0.71
- WordPress 1.2
- WordPress 1.2.1
- WordPress 1.2.2
- WordPress 1.5
- WordPress 1.5.1
- WordPress 1.5.1.2
- WordPress 1.5.1.3
- WordPress 1.5.2
- WordPress 2.0
- WordPress 2.0.1
- WordPress 2.0.2
- WordPress 2.0.3
- WordPress 2.0.4
- WordPress 2.0.5
References
References:
- WordPress Homepage (WordPress)
- Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability (Stefan Esser)