Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-7233Cross-Site Request Forgery in Wordpress

CWE-352Cross-Site Request Forgery5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 46.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedDec 30
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDwordpress/wordpress2.0.11+10

🔴Vulnerability Details

2
GHSA
GHSA-g5w2-qwqg-v4vf: Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion2022-05-17
OSV
CVE-2013-7233: Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion2013-12-30

💥Exploits & PoCs

1
Exploit-DB
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery2013-12-17

📋Vendor Advisories

1
Debian
CVE-2013-7233: wordpress - Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp...2013
CVE-2013-7233 — Cross-Site Request Forgery in Wordpress | cvebase