CVE-2011-0759 Information
Share on:Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey (2) recaptcha_opt_privkey (3) re_tabindex (4) error_blank (5) error_incorrect (6) mailhide_pub (7) mailhide_priv (8) mh_replace_link or (9) mh_replace_title parameter.
Reference
http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0206.html http://secunia.com/advisories/43771 http://www.securityfocus.com/bid/46909 https://exchange.xforce.ibmcloud.com/vulnerabilities/66167 https://exchange.xforce.ibmcloud.com/vulnerabilities/66169