CVE-2008-0205

Name of the Vulnerable Software and Affected Versions Math Comment Spam Protection plugin for WordPress version 2.1 and earlier

Description The issue affects the math-comment-spam-protection.php file in the Math Comment Spam Protection plugin for WordPress, allowing remote attackers to perform actions as administrators. This is achieved via the mcsp opt msg no answer or mcsp opt msg wrong answer parameter to the "wp-admin/options-general.php" endpoint.

Recommendations For Math Comment Spam Protection plugin for WordPress version 2.1 and earlier, consider disabling the plugin until a patch is available to prevent exploitation of the CSRF vulnerabilities. Restrict access to the "wp-admin/options-general.php" endpoint to minimize the risk of exploitation. Avoid using the mcsp opt msg no answer and mcsp opt msg wrong answer parameters in the affected endpoint until the issue is resolved.