8.8
CVE-2012-10017
- EPSS 0.35%
- Veröffentlicht 26.12.2023 10:15:07
- Zuletzt bearbeitet 21.11.2024 01:36:09
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginBestWebSoft Portfolio Plugin cross-site request forgery
Portfolio Plugin <= 2.04 - Cross-Site Request Forgery
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.
Mögliche Gegenmaßnahme
Portfolio Plugin: Update to version 2.05, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bestwebsoft ≫ Portfolio SwPlatformwordpress Version < 2.06
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Portfolio Plugin
Version
*-2.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.269 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d
https://vuldb.com/?ctiid.248955
https://vuldb.com/?id.248955
https://www.wordfence.com/threat-intel/vulnerabilities/id/198a24e6-af98-42ed-bf58-73b7ec99838b