WordPress Plugin Vulnerabilities

Featured Comments 1.2.1 - wp-admin/admin-ajax.php Comment Status Manipulation CSRF

Description

The Featured Comments WordPress plugin was affected by a wp-admin/admin-ajax.php Comment Status Manipulation CSRF security vulnerability.

Affects Plugins

Plugin icon
feature-comments
Fixed in 1.2.5

References

CVE
CVE-2014-4163
CVE
CVE-2014-10382
URL
https://packetstormsecurity.com/files/#127023/
URL
https://advisories.dxw.com/advisories/csrf-in-featured-comments-1-2-1-allows-an-attacker-to-set-and-unset-comment-statuses/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
8e5c8627-037d-42c9-81ed-3dbf6ed4d0d4

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-05-07
Title
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Cross-Site Request Forgery
Published
2021-08-23
Title
Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF
Published
2014-08-01
Title
Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery
Published
2022-08-10
Title
Gallery PhotoBlocks < 1.2.9 - Cross-Site Request Forgery
Published
2025-06-27
Title
Writesonic < 1.0.6 - Cross-Site Request Forgery