6.8
CVE-2013-0736
- EPSS 1.06%
- Veröffentlicht 09.10.2013 22:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginMingle Forum <= 1.0.34 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
Mögliche Gegenmaßnahme
Mingle Forum: Update to version 1.0.35, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cartpauj ≫ Mingle-forum Version <= 1.0.34
Cartpauj ≫ Mingle-forum Version1.0.00
Cartpauj ≫ Mingle-forum Version1.0.01
Cartpauj ≫ Mingle-forum Version1.0.02
Cartpauj ≫ Mingle-forum Version1.0.03
Cartpauj ≫ Mingle-forum Version1.0.04
Cartpauj ≫ Mingle-forum Version1.0.05
Cartpauj ≫ Mingle-forum Version1.0.06
Cartpauj ≫ Mingle-forum Version1.0.07
Cartpauj ≫ Mingle-forum Version1.0.08
Cartpauj ≫ Mingle-forum Version1.0.09
Cartpauj ≫ Mingle-forum Version1.0.10
Cartpauj ≫ Mingle-forum Version1.0.11
Cartpauj ≫ Mingle-forum Version1.0.12
Cartpauj ≫ Mingle-forum Version1.0.13
Cartpauj ≫ Mingle-forum Version1.0.14
Cartpauj ≫ Mingle-forum Version1.0.15
Cartpauj ≫ Mingle-forum Version1.0.16
Cartpauj ≫ Mingle-forum Version1.0.17
Cartpauj ≫ Mingle-forum Version1.0.18
Cartpauj ≫ Mingle-forum Version1.0.19
Cartpauj ≫ Mingle-forum Version1.0.20
Cartpauj ≫ Mingle-forum Version1.0.21
Cartpauj ≫ Mingle-forum Version1.0.21.1
Cartpauj ≫ Mingle-forum Version1.0.22
Cartpauj ≫ Mingle-forum Version1.0.23
Cartpauj ≫ Mingle-forum Version1.0.23.1
Cartpauj ≫ Mingle-forum Version1.0.23.2
Cartpauj ≫ Mingle-forum Version1.0.24
Cartpauj ≫ Mingle-forum Version1.0.25
Cartpauj ≫ Mingle-forum Version1.0.26
Cartpauj ≫ Mingle-forum Version1.0.27
Cartpauj ≫ Mingle-forum Version1.0.28
Cartpauj ≫ Mingle-forum Version1.0.28.1
Cartpauj ≫ Mingle-forum Version1.0.28.2
Cartpauj ≫ Mingle-forum Version1.0.29
Cartpauj ≫ Mingle-forum Version1.0.30
Cartpauj ≫ Mingle-forum Version1.0.31
Cartpauj ≫ Mingle-forum Version1.0.31.1
Cartpauj ≫ Mingle-forum Version1.0.31.2
Cartpauj ≫ Mingle-forum Version1.0.31.3
Cartpauj ≫ Mingle-forum Version1.0.31.4
Cartpauj ≫ Mingle-forum Version1.0.32
Cartpauj ≫ Mingle-forum Version1.0.32.1
Cartpauj ≫ Mingle-forum Version1.0.33
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Mingle Forum
Version
*-1.0.34
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.601 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://osvdb.org/96905
http://secunia.com/advisories/47687
http://secunia.com/secunia_research/2013-6
http://www.securityfocus.com/bid/62133
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a44d391-63e0-46a5-83fd-5624055705ea