CVE-2008-4734

Name of the Vulnerable Software and Affected Versions WP Comment Remix plugin versions prior to 1.4.4

Description A cross-site request forgery issue exists in the wpcr do options page function, allowing remote attackers to perform unauthorized actions as administrators. This can be achieved via a request that sets the wpcr hidden form input parameter.

Recommendations For WP Comment Remix plugin versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the wpcr do options page function to minimize the risk of exploitation. Avoid using the wpcr hidden form input parameter in affected requests until the issue is resolved.