6.8
CVE-2013-3477
- EPSS 1.07%
- Veröffentlicht 27.05.2014 14:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginRelated Posts by Zemanta <= 1.3.1 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.
Mögliche Gegenmaßnahme
Related Posts by Zemanta: Update to version 1.3.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zemanta ≫ Related Posts SwPlatformwordpress Version <= 1.3.1
Zemanta ≫ Related Posts Version1.0 SwPlatformwordpress
Zemanta ≫ Related Posts Version1.1 SwPlatformwordpress
Zemanta ≫ Related Posts Version1.2 SwPlatformwordpress
Zemanta ≫ Related Posts Version1.3 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Related Posts by Zemanta
Version
*-1.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.07% | 0.604 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://secunia.com/advisories/53321
http://wordpress.org/plugins/related-posts-by-zemanta/changelog/
http://www.securityfocus.com/bid/59840
https://exchange.xforce.ibmcloud.com/vulnerabilities/84246
https://www.wordfence.com/threat-intel/vulnerabilities/id/73878d57-dd94-41d7-a26a-47c8e6eac0fd