CVE-2012-4448 — Cross-Site Request Forgery in Wordpress

CWE-352 — Cross-Site Request Forgery7 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 64.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedSep 28

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.5.1+dfsg-2 (bookworm)

▶Debianwordpress/wordpress< 3.5.1+dfsg-2+3

▶NVDwordpress/wordpress3.4.2

🔴Vulnerability Details

GHSA

GHSA-rgfj-6p67-wm4x: Cross-site request forgery (CSRF) vulnerability in wp-admin/index↗2022-05-17

▶

OSV

CVE-2012-4448: Cross-site request forgery (CSRF) vulnerability in wp-admin/index↗2012-09-28

▶

📋Vendor Advisories

Debian

CVE-2012-4448: wordpress - Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPre...↗2012

▶

💬Community

Bugzilla

CVE-2012-4448 wordpress: CSRF in the incoming links section of the dashboard [fedora-all]↗2012-09-25

▶

Bugzilla

CVE-2012-4448 wordpress: CSRF in the incoming links section of the dashboard↗2012-09-25

▶

Bugzilla

CVE-2012-4448 wordpress: CSRF in the incoming links section of the dashboard [epel-all]↗2012-09-25

▶