CVE-2013-3258

EPSS 1.07%
Veröffentlicht 02.06.2014 15:55:10
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

Digg Digg < 5.3.5 - Cross-Site Request Forgery

Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.

Mögliche Gegenmaßnahme

digg-digg: Update to version 5.3.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 24 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bufferapp ≫ Digg Digg SwPlatformwordpress Version <= 5.3.4

Bufferapp ≫ Digg Digg Version5.0 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.0.1 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.0.2 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.0.3 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.0.4 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.0.5 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.1 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.1.1 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.1.2 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.1 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.2 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.3 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.4 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.5 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.6 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.7 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.8 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.2.9 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.3.0 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.3.1 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.3.2 SwPlatformwordpress

Bufferapp ≫ Digg Digg Version5.3.3 SwPlatformwordpress

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt digg-digg

Version [*, 5.3.5)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.604

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://secunia.com/advisories/53120

http://wordpress.org/plugins/digg-digg/changelog/

Patch

http://www.securityfocus.com/bid/60046

https://exchange.xforce.ibmcloud.com/vulnerabilities/84418

https://www.wordfence.com/threat-intel/vulnerabilities/id/5df8983e-16c9-4a23-9bf4-331d70384e74

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-3258

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3258

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3258

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2013-3258