6.8
CVE-2013-3477
- EPSS 0.14%
- Veröffentlicht 27.05.2014 14:55:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginRelated Posts by Zemanta <= 1.3.1 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.
Mögliche Gegenmaßnahme
Related Posts by Zemanta: Update to version 1.3.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Related Posts by Zemanta
Version
* - 1.3.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zemanta ≫ Related Posts SwPlatformwordpress Version <= 1.3.1
Zemanta ≫ Related Posts Version1.0 SwPlatformwordpress
Zemanta ≫ Related Posts Version1.1 SwPlatformwordpress
Zemanta ≫ Related Posts Version1.2 SwPlatformwordpress
Zemanta ≫ Related Posts Version1.3 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.307 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.