Release date:
Updated on:
Affected Systems:
WordPress Facebook Members Plugin 5.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-2703
The WordPress Facebook Members plug-in can insert the Facebook LikeBox + Facebook Recommendation Bar feature into WordPress.
WordPress Facebook Members 5.0.4 does not strictly verify certain HTTP requests, which allows attackers to perform certain operations through HTTP requests. Attackers can exploit this vulnerability to control plug-in settings when the Administrator logs on to a webpage.
<* Source: Charlie Eriksen
Link: http://secunia.com/advisories/52962
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://wordpress.org/extend/plugins/facebook-members/changelog/