Sunday, April 29, 2012
WordPress version 3.3.1 suffers from multiple cross-site request forgery (CSRF) vulnerabilities. These CSRF vulnerabilities allow attackers to add administrators/users, delete administrators/users, change a post title, approve and unapprove comments, delete comments, change the background image, change the Site Address, insert a custom header image, change the site title, change the administrator's email, and change the WordPress Address, when an authenticated user/admin browses a specially crafted web page. There may be other parameters which can be modified by this CSRF vulnerability.
These vulnerabilities are found by Ivano Binetti (http://www.ivanobinetti.com).
According to the research, this CSRF vulnerability is caused by a security flaw in the generation of the anti-CSRF tokens (_wpnonce, _wpnonce_create-user, _ajax_nonce, _wpnonce-custom-background-upload, _wpnonce-custom-header-upload).
This vulnerability allows an attacker who has sniffed an anti-CSRF token to have 12 hours in which to perform a CSRF attack and carry out the following operations:
- Add Admin/User
- Delete Admin/User
- Approve comment
- Unapprove comment
- Delete comment
- Change background image
- Insert custom header image
- Change site title
- Change administrator's email
- Change WordPress Address
- Change Site Address

Other operations (such as inserting a new post) are not affected by this CSRF vulnerability.
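The weakness described above is a token that stays valid for many hours and is not tied tightly enough to the user and the action, so a single intercepted value can be replayed. The following is an added example, not WordPress's own nonce code, of how a defender would issue and verify anti-CSRF tokens so that a sniffed token is of little use: each token is an HMAC over the caller's session id, the specific action (including its target) and a short expiry, and is compared in constant time. The server secret, the 10-minute lifetime, the session ids and the in-memory user table are all constructed for the example.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed server-side secret; a real deployment loads it from configuration.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"

# Token lifetime in seconds (constructed value). A short window limits how long
# an intercepted token can be replayed.
TOKEN_TTL = 600


def make_token(session_id: str, action: str, now: Optional[float] = None) -> str:
    """Issue a CSRF token bound to one session and one action.

    Format is "<expiry>.<hex hmac>", where the HMAC covers the session id, the
    action name and the expiry, so the token is useless for another user,
    another action, or after it has expired.
    """
    now = time.time() if now is None else now
    expiry = int(now) + TOKEN_TTL
    msg = f"{session_id}|{action}|{expiry}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{expiry}.{mac}"


def verify_token(token: str, session_id: str, action: str, now: Optional[float] = None) -> bool:
    """Check a submitted token against the current session, action and clock."""
    now = time.time() if now is None else now
    try:
        expiry_str, mac = token.split(".", 1)
        expiry = int(expiry_str)
    except ValueError:
        return False  # malformed token
    if now > expiry:
        return False  # expired: an old sniffed token no longer works
    msg = f"{session_id}|{action}|{expiry}".encode()
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(mac, expected)


# Constructed sample user table standing in for the site's user store.
USERS = {"alice": "administrator", "bob": "editor"}


def handle_delete_user(form: dict, session_id: str) -> str:
    """A state-changing endpoint that refuses to act without a valid token.

    The action string includes the target user, so a token issued to delete
    one account cannot be replayed to delete a different one.
    """
    target = form.get("user", "")
    if not verify_token(form.get("_token", ""), session_id, f"delete-user:{target}"):
        return "rejected: bad or missing CSRF token"
    USERS.pop(target, None)
    return "deleted"


if __name__ == "__main__":
    tok = make_token("sess-A", "delete-user:bob")
    print(handle_delete_user({"_token": tok, "user": "bob"}, "sess-A"))        # deleted
    print(handle_delete_user({"_token": tok, "user": "alice"}, "sess-A"))      # rejected
    print(handle_delete_user({"_token": tok, "user": "bob"}, "sess-B"))        # rejected
```

The design point is that binding the token to the session, the exact action and a short expiry means an attacker who captures one token gains at most a brief window against one target, rather than a half-day window across every sensitive operation.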
Webmasters running WordPress version 3.3.1 for their website or blog are advised to upgrade to the latest version of WordPress.