CVE-2013-3253
medium
CVSS v3
—
VIR risk
6.8
Description
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| xhanch | my_twitter | {"endIncluding":"2.7.6"} | |
| xhanch | my_twitter | 2.5.8 | |
| xhanch | my_twitter | 2.5.9 | |
| xhanch | my_twitter | 2.6.0 | |
| xhanch | my_twitter | 2.6.1 | |
| xhanch | my_twitter | 2.6.2 | |
| xhanch | my_twitter | 2.6.3 | |
| xhanch | my_twitter | 2.6.4 | |
| xhanch | my_twitter | 2.6.5 | |
| xhanch | my_twitter | 2.6.6 | |
| xhanch | my_twitter | 2.6.7 | |
| xhanch | my_twitter | 2.6.8 | |
| xhanch | my_twitter | 2.6.9 | |
| xhanch | my_twitter | 2.7.0 | |
| xhanch | my_twitter | 2.7.1 | |
| xhanch | my_twitter | 2.7.2 | |
| xhanch | my_twitter | 2.7.3 | |
| xhanch | my_twitter | 2.7.4 | |
| xhanch | my_twitter | 2.7.5 | |
| wordpress | wordpress | - | |
References
- http://forum.xhanch.com/index.php/topic%2C3806.0.html
- http://plugins.trac.wordpress.org/changeset/750054/xhanch-my-twitter
- http://secunia.com/advisories/53133
- http://www.securityfocus.com/bid/61629
- http://forum.xhanch.com/index.php/topic%2C3806.0.html
- http://plugins.trac.wordpress.org/changeset/750054/xhanch-my-twitter
- http://secunia.com/advisories/53133
- http://www.securityfocus.com/bid/61629
CWEs
CWE-352
💬 Discuss CVE-2013-3253 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.