Bugtraq: Cross-Site Request Forgery in Atahualpa WordPress Theme

————————————————————————

Cross-Site Request Forgery in Atahualpa WordPress Theme

————————————————————————

Spyros Gasteratos, July 2016

————————————————————————

Abstract

————————————————————————

A Cross-Site Request Forgery vulnerability exists in the Atahualpa
WordPress theme which allows attackers to trick legitimate users into
performing unintended actions on the Atahualpa theme configuration page.

————————————————————————

OVE ID

————————————————————————

OVE-20160724-0003

————————————————————————

Tested versions

————————————————————————

This issue was successfully tested on Atahualpa WordPress Theme
WordPress Theme.

————————————————————————

Fix

————————————————————————

There is currently no fix available.

————————————————————————

Details

————————————————————————

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_atahualpa_wordpress_theme.html

————————————————————————

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.

Source: SecurityFocus Vulnerabilities @ March 1, 2017 at 02:06AM
