CVE-2013-2699

Name of the Vulnerable Software and Affected Versions underConstruction plugin versions prior to 1.09 for WordPress

Description The issue is related to a cross-site request forgery (CSRF) vulnerability. This allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin. The exact vectors used for the attack are not specified.

Recommendations For underConstruction plugin versions prior to 1.09, update to version 1.09 or later to resolve the issue. As a temporary workaround, consider restricting access to plugin deactivation requests to minimize the risk of exploitation.