CVE-2017-12651

Опубликовано: 07 авг. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

Ссылки

https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/
Third Party Advisory
https://sv.wordpress.org/plugins/loginizer/#developers
Third Party Advisory
https://wpvulndb.com/vulnerabilities/8884
Third Party Advisory
https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/
Third Party Advisory
https://sv.wordpress.org/plugins/loginizer/#developers
Third Party Advisory
https://wpvulndb.com/vulnerabilities/8884
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*

Версия до 1.3.5 (включая)

EPSS

Процентиль: 32%

0.00122

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-f6j4-5g5c-q29c