5.8

CVE-2011-3127

WordPress Core < 3.1.3 - Clickjacking

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.1.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version3.1
WordpressWordpress Version3.1.1
WordpressWordpress Version3.1.2
WordpressWordpress Version3.2 Updatebeta1
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.53% 0.714
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/49138
http://wordpress.org/news/2011/05/wordpress-3-1-3/
Patch
http://www.debian.org/security/2012/dsa-2470
http://www.securityfocus.com/bid/47995
https://exchange.xforce.ibmcloud.com/vulnerabilities/69172
https://www.wordfence.com/threat-intel/vulnerabilities/id/ee2c5df2-250a-4e35-9219-2630d8d9253a
Third Party Advisory