PT-2008-2137 · Dean · Dean's Permalinks Migration

G30Rg3_X · Published 2008-01-31 · Updated 2018-10-15 · CVE-2008-0508

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Dean's Permalinks Migration plugin version 1.0

Description: A cross-site request forgery (CSRF) issue allows remote attackers to modify the oldstructure configuration setting, also known as dean_pm_config[oldstructure], as administrators. This is achieved via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php. Because the setting is stored without validation and later rendered, a forged request can place an XSS sequence in it.

Recommendations: For Dean's Permalinks Migration plugin version 1.0, consider disabling access to the deans_permalinks_migration.php file until a patch is available, to prevent modification of the oldstructure setting. Restrict access to the wp-admin/options-general.php page to minimize the risk of exploitation. Avoid using the old_struct parameter in the affected action until the issue is resolved.
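The root cause described above is a settings handler that writes an option on any POST that arrives while an administrator is logged in. As an added illustration, not the plugin's own code, the PHP below shows that shape of handler beside the hardened form a WordPress plugin should use: a capability check, a nonce bound to the form (check_admin_referer), input validation on write and escaping on read. The function names, the option name example_pm_config and the form field names are assumptions for the example and are not taken from the plugin.

```php
<?php
// Added example (hypothetical handler, not the plugin's code). It illustrates
// why an admin-reachable settings handler must verify a nonce before writing
// an option, and must escape the stored value when it renders it.

// VULNERABLE shape: any POST carrying old_struct that reaches this handler in an
// administrator's browser session updates the option. A form on a third-party
// site can submit such a POST, so the setting is writable cross-site.
function example_pm_save_unsafe() {
    if ( isset( $_POST['old_struct'] ) ) {
        $config                 = get_option( 'example_pm_config', array() );
        $config['oldstructure'] = $_POST['old_struct']; // stored unvalidated
        update_option( 'example_pm_config', $config );
    }
}

// HARDENED shape, part 1: the form carries a nonce tied to the save action, and
// the stored value is escaped when echoed back (defends against a stored XSS
// payload if one ever lands in the option).
function example_pm_render_form() {
    $config = get_option( 'example_pm_config', array( 'oldstructure' => '' ) );
    ?>
    <form method="post"
          action="<?php echo esc_url( admin_url( 'options-general.php?page=example-pm' ) ); ?>">
        <?php wp_nonce_field( 'example_pm_save', 'example_pm_nonce' ); ?>
        <label for="old_struct">Old permalink structure</label>
        <input type="text" id="old_struct" name="old_struct"
               value="<?php echo esc_attr( $config['oldstructure'] ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// HARDENED shape, part 2: capability check, nonce verification, validation.
function example_pm_save_safe() {
    if ( ! isset( $_POST['old_struct'] ) ) {
        return;
    }
    // Only users who may manage options can change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    // Dies unless the request carries the nonce issued with the form above.
    // A cross-site forged request cannot obtain that value.
    check_admin_referer( 'example_pm_save', 'example_pm_nonce' );

    // A permalink structure uses a small character set (e.g. /%year%/%postname%/);
    // reject anything outside it rather than storing arbitrary markup.
    $value = sanitize_text_field( wp_unslash( $_POST['old_struct'] ) );
    if ( ! preg_match( '#^/?[A-Za-z0-9%_\-/.]*$#', $value ) ) {
        wp_die( 'Invalid permalink structure.' );
    }

    $config                 = get_option( 'example_pm_config', array() );
    $config['oldstructure'] = $value;
    update_option( 'example_pm_config', $config );
}
add_action( 'admin_init', 'example_pm_save_safe' );
```

check_admin_referer() verifies the nonce and calls wp_die() on failure, so the write below it is never reached for a forged request; the capability check in front of it covers the case where a lower-privileged logged-in user submits the form directly. The regular expression is the example's own validation rule, not one taken from WordPress core or from the plugin.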

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2008-0508

Affected Products: Dean's Permalinks Migration