Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0759

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-0759
Last Modified 24 Mar 2011 12:00:00
Published 22 Mar 2011 01:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0759

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter.

Vulnerable Systems

Application

  • Blaenkdenum Wp-recaptcha 2.9.8.2


References

XF - recaptcha-wordpress-multiple-xss(66169)

XF - recaptcha-wordpress-csrf(66167)

BID - 46909

SECUNIA - 43771

FULLDISC - 20110317 Recaptcha Word Press Plugin Cross Site Scripting Vulnerability - CVE-2011-0759


Last Updated: 27 May 2016 10:56:02