CVE-2013-6797

Name of the Vulnerable Software and Affected Versions Blue Wrench Video Widget plugin versions prior to 2.0.0

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw url parameter in the bw-videos page to "wp-admin/admin.php". This can be exploited by embedding a URL to a JavaScript file.

Recommendations For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the bw-videos page in wp-admin/admin.php to minimize the risk of exploitation. Avoid using the bw url parameter in the affected page until the issue is resolved.