5.8

CVE-2011-3127

WordPress Core < 3.1.3 - Clickjacking

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.1.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version3.1
WordpressWordpress Version3.1.1
WordpressWordpress Version3.1.2
WordpressWordpress Version3.2 Updatebeta1
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.496
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.