CVE-2008-0508

CVE Database · CVE-2008-0508

CVE-2008-0508

· N/AModified

CVSS v3.1

N/A

EPSS

1.29%

Published

Jan 31, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.

Weaknesses (CWE)

CWE-352

Affected Products (1)

wordpress · permalinks_migration_pluginvulnerable

References (16)

http://g30rg3x.com/wp-files/dpm_11gx.zip

Patch

http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10

ExploitPatch

http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt

Exploit

http://secunia.com/advisories/28593