Headline

CVE-2017-20065: Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery

A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

3 years ago

CVE

Open in Source

#vulnerability #web #wordpress #auth

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

Full Disclosure mailing list archives

From: Summer of Pwnage <lists () securify nl>
Date: Wed, 1 Mar 2017 07:12:55 +0100

------------------------------------------------------------------------ Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery

Radjnies Bhansingh, July 2016

Abstract

A Cross-site Request Forgery vulnerablity exists in the Popup by Supsystic WordPress Plugin. This vulnerablity allows attackers to add and modify scripting code that will target authenticated WordPress admins or visitors that see the popup generated by this plugin. Before exploitation of this issue succeeds, and scripting code is therefore injected, a victim WordPress admin to click a specially crafted link or visit a malicious attacker-controlled webpage.

OVE ID

OVE-20160724-0013

Tested versions

This issue was succesfully tested on the Popup by Supsystic WordPress plugin version 1.7.6.

Fix

There is currently no fix available.

Details

https://sumofpwn.nl/advisory/2016/popup_by_supsystic_wordpress_plugin_vulnerable_to_cross_site_request_forgery.html

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread: