CVE-2007-5229
FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery via wp-admin/options-general.php
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-5229. PoCs published by David Kierznowski.
AI-analyzed exploit summary: This JavaScript PoC demonstrates a CSRF vulnerability in FeedBurner FeedSmith 2.2, allowing an attacker to manipulate plugin settings via a victim's active session. It sends a POST request to modify feed URLs without user interaction.
Description
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.