oss-sec mailing list archives

[CVE Request] IndiaNIC Testimonial 2.2 WP plugin

From: "Adéla Goldová" <roguecoder () hush com>
Date: Mon, 02 Sep 2013 00:35:30 +0200

Hey

The testimonial plugin by IndiaNIC contains CSRF, XSS and SQLi vulnerabilities.
I was able to deface the website, extract user credentials etc through crafted forms.
Can someone please assign CVE's to this?

1: http://seclists.org/fulldisclosure/2013/Sep/5

Current thread:

[CVE Request] IndiaNIC Testimonial 2.2 WP plugin Adéla Goldová (Sep 01)
- Re: [CVE Request] IndiaNIC Testimonial 2.2 WP plugin cve-assign (Sep 01)