CVE-2014-4163

Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:featured_comments_plugin_project:featured_comments:1.2.1:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 02:09

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2014/Jun/62 - Exploit () http://seclists.org/fulldisclosure/2014/Jun/62 - Exploit

Information

Published : 2014-06-16 18:55

Updated : 2024-11-21 02:09


NVD link : CVE-2014-4163

Mitre link : CVE-2014-4163

CVE.ORG link : CVE-2014-4163


JSON object : View

Products Affected

featured_comments_plugin_project

  • featured_comments
CWE
CWE-352

Cross-Site Request Forgery (CSRF)