CVE-2007-5229

Name of the Vulnerable Software and Affected Versions: FeedBurner FeedSmith plugin for WordPress version 2.2

Description: A cross-site request forgery (CSRF) issue allows remote attackers to change settings and hijack blog feeds. This is achieved by submitting parameter values to FeedBurner FeedSmith Plugin.php via a request to "wp-admin/options-general.php". The vulnerable parameters include feedburner url and feedburner comments url.

Recommendations: For FeedBurner FeedSmith plugin for WordPress version 2.2, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the "wp-admin/options-general.php" endpoint to minimize the risk of unauthorized setting changes. Avoid using the feedburner url and feedburner comments url parameters in the affected API endpoint until the issue is resolved.