WordPress FunCaptcha Plugin Cross-Site-Request Forgery Vulnerability
BID:59031
Info
| Bugtraq ID: | 59031 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2013 12:00AM |
| Updated: | Apr 11 2013 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | SwipeAds FunCaptcha 0.3.2 |
| Not Vulnerable: | SwipeAds FunCaptcha 0.3.3 |
Discussion
The FunCaptcha plugin for WordPress is prone to a cross-site request forgery (CSRF) vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
FunCaptcha plugin versions prior to 0.3.3 are vulnerable.
Exploit / POC
To exploit the issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.