CVE-2013-10027

EPSS 0.07%
Veröffentlicht 04.06.2023 14:15:09
Zuletzt bearbeitet 21.11.2024 01:48:41
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The patch is identified as b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wordpress ≫ Blogger Importer SwPlatformwordpress Version < 0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.173

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/wp-plugins/blogger-importer/commit/b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70

Patch

https://vuldb.com/?ctiid.230658

Third Party Advisory

Permissions Required

https://vuldb.com/?id.230658

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-10027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-10027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-10027

EUVD