6.8
CVE-2013-0736
- EPSS 0.19%
- Veröffentlicht 09.10.2013 22:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginMingle Forum <= 1.0.34 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
Mögliche Gegenmaßnahme
Mingle Forum: Update to version 1.0.35, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Mingle Forum
Version
*-1.0.34
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cartpauj ≫ Mingle-forum Version <= 1.0.34
Cartpauj ≫ Mingle-forum Version1.0.00
Cartpauj ≫ Mingle-forum Version1.0.01
Cartpauj ≫ Mingle-forum Version1.0.02
Cartpauj ≫ Mingle-forum Version1.0.03
Cartpauj ≫ Mingle-forum Version1.0.04
Cartpauj ≫ Mingle-forum Version1.0.05
Cartpauj ≫ Mingle-forum Version1.0.06
Cartpauj ≫ Mingle-forum Version1.0.07
Cartpauj ≫ Mingle-forum Version1.0.08
Cartpauj ≫ Mingle-forum Version1.0.09
Cartpauj ≫ Mingle-forum Version1.0.10
Cartpauj ≫ Mingle-forum Version1.0.11
Cartpauj ≫ Mingle-forum Version1.0.12
Cartpauj ≫ Mingle-forum Version1.0.13
Cartpauj ≫ Mingle-forum Version1.0.14
Cartpauj ≫ Mingle-forum Version1.0.15
Cartpauj ≫ Mingle-forum Version1.0.16
Cartpauj ≫ Mingle-forum Version1.0.17
Cartpauj ≫ Mingle-forum Version1.0.18
Cartpauj ≫ Mingle-forum Version1.0.19
Cartpauj ≫ Mingle-forum Version1.0.20
Cartpauj ≫ Mingle-forum Version1.0.21
Cartpauj ≫ Mingle-forum Version1.0.21.1
Cartpauj ≫ Mingle-forum Version1.0.22
Cartpauj ≫ Mingle-forum Version1.0.23
Cartpauj ≫ Mingle-forum Version1.0.23.1
Cartpauj ≫ Mingle-forum Version1.0.23.2
Cartpauj ≫ Mingle-forum Version1.0.24
Cartpauj ≫ Mingle-forum Version1.0.25
Cartpauj ≫ Mingle-forum Version1.0.26
Cartpauj ≫ Mingle-forum Version1.0.27
Cartpauj ≫ Mingle-forum Version1.0.28
Cartpauj ≫ Mingle-forum Version1.0.28.1
Cartpauj ≫ Mingle-forum Version1.0.28.2
Cartpauj ≫ Mingle-forum Version1.0.29
Cartpauj ≫ Mingle-forum Version1.0.30
Cartpauj ≫ Mingle-forum Version1.0.31
Cartpauj ≫ Mingle-forum Version1.0.31.1
Cartpauj ≫ Mingle-forum Version1.0.31.2
Cartpauj ≫ Mingle-forum Version1.0.31.3
Cartpauj ≫ Mingle-forum Version1.0.31.4
Cartpauj ≫ Mingle-forum Version1.0.32
Cartpauj ≫ Mingle-forum Version1.0.32.1
Cartpauj ≫ Mingle-forum Version1.0.33
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.374 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.