ViewMedica WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the ViewMedica 9 plugin for WordPress, affecting all versions through 1.4.15. The vulnerability arises from inadequate nonce validation on the 'Viewmedica-Admin' page, allowing unauthenticated attackers to inject arbitrary SQL queries. Exploitation requires tricking a site administrator into clicking a link that initiates the forged request.
Impact
Successful exploitation lets an attacker perform actions on behalf of users without their consent, potentially including SQL injection.
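The two controls this advisory turns on, shown as an added example that is not ViewMedica's code: a WordPress admin form handler that checks capability and nonce before acting, then writes through a parameterized database call. All `example_*` names and the `example_settings` table are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Hardened Admin Page (constructed example)
 * All example_* names and the example_settings table are hypothetical.
 */

// Menu entry is limited to users holding manage_options (administrators).
add_action('admin_menu', function () {
    add_options_page('Example', 'Example', 'manage_options', 'example-admin', 'example_render_page');
});

function example_render_page() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="example_save">
        <?php /* Token bound to the user, session and action. */ ?>
        <?php wp_nonce_field('example_save_settings', 'example_nonce'); ?>
        <input type="text" name="example_client">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handler for the form's POST to admin-post.php (logged-in users only).
add_action('admin_post_example_save', function () {
    // 1. Capability check: the session must belong to an administrator.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.', '', array('response' => 403));
    }
    // 2. Nonce check: execution stops here unless the request carries a
    //    valid token for this action, which a cross-site page cannot supply.
    check_admin_referer('example_save_settings', 'example_nonce');

    // 3. Input handling: remove WordPress's added slashes, then sanitize.
    $client = isset($_POST['example_client'])
        ? sanitize_text_field(wp_unslash($_POST['example_client'])) : '';

    // 4. Parameterized write: values are bound with explicit formats and
    //    are never concatenated into the SQL string.
    global $wpdb;
    $wpdb->update(
        $wpdb->prefix . 'example_settings',
        array('client' => $client), array('id' => 1),
        array('%s'), array('%d')
    );

    wp_safe_redirect(admin_url('options-general.php?page=example-admin&updated=1'));
    exit;
});
```

The nonce check blocks the forged request, and the parameterized write keeps request data out of the SQL text even if a request does get through.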
