CVE-2008-0508
Dean's Permalinks Migration 1.0 - Cross-Site Request Forgery via old_struct Parameter
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.
References (8)
Core 8
Core References
Exploit x_refsource_misc
http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt
Patch x_refsource_misc
http://g30rg3x.com/wp-files/dpm_11gx.zip
Exploit, Patch x_refsource_misc
http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39845
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0281
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486840/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28593
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3595
Scores
EPSS
0.0039
EPSS Percentile
60.3%
Details
CWE
CWE-352
Status
published
Products (1)
wordpress/permalinks_migration_plugin
1.0
Published
Jan 31, 2008
Tracked Since
Feb 18, 2026