Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sunil_nanda | blue_wrench_video_widget | 1.0.1 |
| sunil_nanda | blue_wrench_video_widget | 1.0.3 |
| sunil_nanda | blue_wrench_video_widget | * |
| sunil_nanda | blue_wrench_video_widget | 1.0.4 |
| sunil_nanda | blue_wrench_video_widget | 1.0.0 |
| sunil_nanda | blue_wrench_video_widget | 1.0.2 |