CVE-2013-3491

EPSS 0.14%
Veröffentlicht 16.07.2013 14:08:50
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

Sharebar <= 1.4.2 - Cross-Site Scripting

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences.

Mögliche Gegenmaßnahme

Sharebar: Update to version 1.4.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Sharebar

Version *-1.4.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mdolon ≫ Sharebar Version1.2.5

Wordpress ≫ Wordpress Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.342

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://secunia.com/advisories/52948

Vendor Advisory

http://www.securityfocus.com/bid/60956

https://exchange.xforce.ibmcloud.com/vulnerabilities/85438

https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a32267-6d99-4882-8601-8c4d36575e0f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-3491

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3491

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3491

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2013-3491