漏洞标题
N/A
漏洞描述信息
WordPress上的FeedBurner FeedSmith 2.2插件中的跨站点请求伪造(CSRF)漏洞允许远程攻击者通过向wp-admin/options-general.php发送请求来更改设置并窃取博客流量,该请求将参数值提交到FeedBurner_FeedSmith_Plugin.php,如(1) feedburner_url和(2) feedburner_comments_url参数所示。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
WordPressFeedBurner FeedSmith 'FeedBurner_FeedSmith_Plugin.php' 跨站请求伪造漏洞
漏洞描述信息
WordPressFeedBurner FeedSmith 2.2 plugin存在跨站请求伪造漏洞,远程攻击者可以借助对FeedBurner_FeedSmith_Plugin.php提交参数值的wp-admin/options-general.php的一个请求改变设置并攻击blog馈入,例如(1) feedburner_url和(2) feedburner_comments_url参数。
CVSS信息
N/A
漏洞类别
跨站请求伪造