Cross-Site Request Forgery in Atahualpa WordPress Theme
------------------------------------------------------------------------
Spyros Gasteratos, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Request Forgery vulnerability exists in the Atahualpa
WordPress theme which allows attackers to trick legitimate users into
performing unintended actions on the Atahualpa theme configuration page.
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0003
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Atahualpa WordPress Theme.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available.
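
The advisory does not show the affected code. The example below is added
here and is not the theme's code or part of the advisory. It shows the
standard WordPress defence for a theme settings page against this class
of issue: a nonce embedded in the form and verified, together with a
capability check, before any option is written. All names prefixed
mytheme_ are hypothetical.

```php
<?php
// Added example: hypothetical theme settings page, not Atahualpa's code.
// Every identifier prefixed "mytheme_" / "MYTHEME_" is an assumption.

const MYTHEME_NONCE_ACTION = 'mytheme_save_options';
const MYTHEME_NONCE_FIELD  = 'mytheme_nonce';

// Register the settings page under Appearance.
add_action('admin_menu', function () {
    add_theme_page('My Theme Options', 'My Theme Options',
        'edit_theme_options', 'mytheme-options', 'mytheme_render_options');
});

function mytheme_render_options() {
    $footer = get_option('mytheme_footer_text', '');
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="mytheme_save">
        <?php
        // Emits a hidden field holding a token bound to this user,
        // this session and this action name. A page on another origin
        // cannot read it, so it cannot build a request that validates.
        wp_nonce_field(MYTHEME_NONCE_ACTION, MYTHEME_NONCE_FIELD);
        ?>
        <input type="text" name="footer_text" value="<?php echo esc_attr($footer); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// State-changing handler: accepts POSTs to admin-post.php?action=mytheme_save.
add_action('admin_post_mytheme_save', function () {
    // Authorisation: only users allowed to change theme settings.
    if (!current_user_can('edit_theme_options')) {
        wp_die('Forbidden', '', array('response' => 403));
    }
    // CSRF check: stops the request unless the nonce is present and valid.
    check_admin_referer(MYTHEME_NONCE_ACTION, MYTHEME_NONCE_FIELD);

    // Only after both checks is the setting written.
    $footer = sanitize_text_field(wp_unslash($_POST['footer_text'] ?? ''));
    update_option('mytheme_footer_text', $footer);

    wp_safe_redirect(admin_url('themes.php?page=mytheme-options&updated=1'));
    exit;
});
```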
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_atahualpa_wordpress_theme.html
------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.