Sentinel Plugin for WordPress Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
BID:51089
Info
| Bugtraq ID: | 51089 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 14 2011 12:00AM |
| Updated: | Dec 14 2011 12:00AM |
| Credit: | Julio, BoiteAWeb |
| Vulnerable: | WordPress Sentinel 1.0 |
| Not Vulnerable: | WordPress Sentinel 1.0.1 |
Discussion
Sentinel plugin for WordPress is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.
Sentinel 1.0.0 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References:
- WordPress Sentinel Changelog (WordPress)
- WordPress Sentinel v1.0.0 (BoiteAWeb)