CVE-2014-6312

Опубликовано: 15 окт. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:*:*:*:*:*:wordpress:*:*

Версия до 3.1.1 (включая)

cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:1.0.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:2.0.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:2.0.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:2.1.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:2.2.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:2.2.4:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 84%

0.02302

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qc2x-mmwq-66fj

github

больше 3 лет назад