CVE-2013-6797
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
19/11/2013
Last modified:
11/04/2025
Description
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:*:-:*:*:*:wordpress:*:* | 1.0.5 (including) | |
| cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.0:-:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.1:-:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.2:-:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.3:-:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.4:-:*:*:*:wordpress:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/98922
- http://osvdb.org/98923
- http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/
- http://wordpress.org/plugins/blue-wrench-videos-widget/changelog
- http://osvdb.org/98922
- http://osvdb.org/98923
- http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/
- http://wordpress.org/plugins/blue-wrench-videos-widget/changelog