# Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0
# Submitter: Nitin Venkatesh
# Product: Portfolio Plugin Wordpress Plugin
# Product URL: http://ift.tt/1Gyilpq
# Vulnerability Type: Cross-site Request Forgery [CWE-352]
# Affected Versions: v1.0
# Tested versions: v1.0
# Fixed Version: v1.05
# Link to code diff: http://ift.tt/1MmaNym
# Changelog: http://ift.tt/1GyijOb
# CVE Status: None/Unassigned/Fresh

## Product Information:

Use Instagram to display your portfolio. Choose whether to display all images from your account, or only the ones you tag with a custom hashtag.

## Vulnerability Description:

The admin form in Portfolio Plugin v1.0 is susceptible to CSRF.

## Proof of Concept:

## Solution:

Upgrade to v1.05 or later.

## Disclosure Timeline:

2015-06-03 - Discovered. Mailed developer.
2015-06-05 - Updated v1.05 released.
2015-07-20 - Publishing disclosure on FD mailing list.

## Disclaimer:

This disclosure is purely meant for educational purposes. I will in no way be responsible as to how the information in this disclosure is used.
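The standard WordPress control against this class of issue is a per-user, per-action nonce that the admin form emits and the handler verifies, alongside a capability check. The following is an added illustration of that pattern, written for this page; it is not the Portfolio Plugin's code and does not claim to reproduce the v1.05 fix. The option name, nonce action, nonce field name, form field and menu slug (`ppx_*`, `ppx-example`) are placeholders chosen for the example.

```php
<?php
// Added example (not the Portfolio Plugin's own code): a WordPress admin
// settings form protected against CSRF with a nonce plus a capability check.
// All ppx_* names and the 'ppx-example' slug are placeholders.

defined( 'ABSPATH' ) || exit;

const PPX_OPTION      = 'ppx_example_hashtag';   // placeholder option name
const PPX_NONCE_ACT   = 'ppx_save_settings';     // placeholder nonce action
const PPX_NONCE_FIELD = 'ppx_settings_nonce';    // placeholder nonce field

// Register the settings page under Settings.
add_action( 'admin_menu', function () {
    add_options_page( 'Portfolio Example', 'Portfolio Example',
        'manage_options', 'ppx-example', 'ppx_render_settings_page' );
} );

// admin_post_{action} only fires for logged-in users, but a logged-in
// victim is exactly what CSRF relies on, so the nonce check below is the
// control that actually stops a forged request.
add_action( 'admin_post_ppx_save_settings', 'ppx_handle_save' );

function ppx_handle_save() {
    // Authorization: the user must be allowed to change settings at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF defence: the request must carry a valid nonce bound to this user
    // and this action. check_admin_referer() terminates the request on failure.
    check_admin_referer( PPX_NONCE_ACT, PPX_NONCE_FIELD );

    $hashtag = isset( $_POST['ppx_hashtag'] )
        ? sanitize_text_field( wp_unslash( $_POST['ppx_hashtag'] ) )
        : '';
    update_option( PPX_OPTION, $hashtag );

    wp_safe_redirect( add_query_arg( 'updated', '1',
        admin_url( 'options-general.php?page=ppx-example' ) ) );
    exit;
}

function ppx_render_settings_page() {
    $current = get_option( PPX_OPTION, '' );
    ?>
    <div class="wrap">
        <h1>Portfolio Example Settings</h1>
        <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
            <input type="hidden" name="action" value="ppx_save_settings">
            <?php
            // Emits the hidden nonce field (and a referer field) that the
            // handler validates. A form hosted on another site cannot obtain
            // this value, because it is derived from the victim's session.
            wp_nonce_field( PPX_NONCE_ACT, PPX_NONCE_FIELD );
            ?>
            <label for="ppx_hashtag">Custom hashtag</label>
            <input type="text" id="ppx_hashtag" name="ppx_hashtag"
                   value="<?php echo esc_attr( $current ); ?>">
            <?php submit_button( 'Save' ); ?>
        </form>
    </div>
    <?php
}
```

The two checks do different jobs: `current_user_can()` answers "may this user change settings", while `check_admin_referer()` answers "did this user intend this request". A handler that has only the first is still the shape of bug described above, because a cross-site form submitted by an already-authenticated administrator passes the capability check without the administrator having chosen to submit it. When reviewing a plugin for this defect, look for every `admin_post_*`, `admin_init` or `options.php` handler that calls `update_option()` and confirm a `check_admin_referer()` or `wp_verify_nonce()` call precedes it.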