CVE-2013-6797
Published 2013-11-19
CVE-2013-6797: Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote…
Priority P3 35 | medium | 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.88% (85.1th percentile)
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sunil_nanda | blue_wrench_video_widget | <= 1.0.5 | — |
| sunil_nanda | blue_wrench_video_widget | — | — |
| sunil_nanda | blue_wrench_video_widget | — | — |
| sunil_nanda | blue_wrench_video_widget | — | — |
| sunil_nanda | blue_wrench_video_widget | — | — |
| sunil_nanda | blue_wrench_video_widget | — | — |
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/98922
http://osvdb.org/98923
http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/
http://wordpress.org/plugins/blue-wrench-videos-widget/changelog
Published: 2013-11-19