N/A

Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.

N/A

N/A

WordPress Member Approval 跨站请求伪造漏洞

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。Member Approval是其中的一个会员注册审核插件。 WordPress Member Approval插件131109版本中存在跨站请求伪造漏洞。远程攻击者可通过向wp-admin/options-general.php脚本发送请求利用该漏洞更改插件设置，禁用注册审批。

N/A

N/A