CVE-2013-3257

EPSS 1.07%
Veröffentlicht 02.06.2014 15:55:10
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

Related Posts < 2.7.2 - Cross-Site Request Forgery

Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.

Mögliche Gegenmaßnahme

Related Posts: Update to version 2.7.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 19 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zemanta ≫ Related Posts SwPlatformwordpress Version <= 2.7.1

Zemanta ≫ Related Posts Version1.0 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.1 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.2 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.3 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.3.1 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.3.2 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.3.3 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.4 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.5 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.6 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.7 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.8 SwPlatformwordpress

Zemanta ≫ Related Posts Version1.8.1 SwPlatformwordpress

Zemanta ≫ Related Posts Version2.3 SwPlatformwordpress

Zemanta ≫ Related Posts Version2.4.1 SwPlatformwordpress

Zemanta ≫ Related Posts Version2.5.1 SwPlatformwordpress

Zemanta ≫ Related Posts Version2.6 SwPlatformwordpress

Zemanta ≫ Related Posts Version2.7 SwPlatformwordpress

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Related Posts

Version [*, 2.7.2)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.604

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://secunia.com/advisories/53122

http://wordpress.org/plugins/related-posts/changelog/

Patch

http://www.securityfocus.com/bid/59836

https://exchange.xforce.ibmcloud.com/vulnerabilities/84245

https://www.wordfence.com/threat-intel/vulnerabilities/id/71463210-d65f-4a6c-ab5f-ebaafebb83e2

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-3257

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3257

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3257

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2013-3257