| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Jun 2015 14:22:50 +0000 From: Nitin Venkatesh <venkatesh.nitin@...il.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 # Title: Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 # Submitter: Nitin Venkatesh # Product: Google Analyticator Wordpress Plugin # Product URL: https://wordpress.org/plugins/google-analyticator/ # Vulnerability Type: Cross-Site Request Forgery [CWE-352] # Affected Versions: v6.4.9.3 before rev @1183563 and possibly earlier # Tested versions: v6.4.9.3 rev @1168849 # Fixed Version: v6.4.9.3 rev @1183563 # Link to code diff: https://plugins.trac.wordpress.org/changeset/1183563/ # CVE Status: None/Unassigned/Fresh ## Product Information: Google Analyticator makes it super easy to view Google Analytics within your WordPress dashboard. This eliminates the need to edit your template code to begin logging. Google Analyticator also includes several widgets for displaying Analytics data in the admin and on your blog. One of the most popular WordPress plugins for Google Analytics! Over 3.5+ million downloads. ## Vulnerability Description: The administrative actions allowed by the plugin can be exploited using CSRF which could be used to disrupt the functionality provided by the plugin. ## Proof-of-Concept: http://localhost/wp-admin/options-general.php?page=google-analyticator.php&pageaction=ga_clear_cache http://localhost/wp-admin/options-general.php?page=ga_reset ## Solution: Upgrade to v6.4.9.3 rev @1183563 ## Disclosure Timeline: 2015-05-30 - Contacted developer via forums. 2015-06-02 - Vulnerability details submitted on the forums on developer's request - https://wordpress.org/support/topic/discovered-security-vulnerabilities-1 2015-06-13 - Re-contacted developer on the forums. 2015-06-18 - Update released. 2015-06-19 - Publishing to Full Disclosure mailing list ## Disclaimer: This disclosure is purely meant for educational purposes. I will in no way be responsible as to how the information in this disclosure is used. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists