6.8
CVE-2013-2709
- EPSS 0.13%
- Veröffentlicht 26.04.2013 11:41:57
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginFourSquare Checkins < 1.3 - Cross-Site Request Forgery to Cross-Site Scripting
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Mögliche Gegenmaßnahme
FourSquare Checkins: Update to version 1.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
FourSquare Checkins
Version
[*, 1.3)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Crunchify ≫ Foursquare-checkins Version <= 1.2
Crunchify ≫ Foursquare-checkins Version1.0
Crunchify ≫ Foursquare-checkins Version1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.285 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.