6.8
CVE-2013-2709
- EPSS 0.95%
- Veröffentlicht 26.04.2013 11:41:57
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginFourSquare Checkins < 1.3 - Cross-Site Request Forgery to Cross-Site Scripting
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Mögliche Gegenmaßnahme
FourSquare Checkins: Update to version 1.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Crunchify ≫ Foursquare-checkins Version <= 1.2
Crunchify ≫ Foursquare-checkins Version1.0
Crunchify ≫ Foursquare-checkins Version1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
FourSquare Checkins
Version
[*, 1.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.567 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://secunia.com/advisories/53151
http://wordpress.org/extend/plugins/foursquare-checkins/changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/32d80824-c420-40e8-8c07-fb17b1b50644