8.8
CVE-2014-5034
- EPSS 1.12%
- Veröffentlicht 06.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:11:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBrute Force Login Protection <= 1.5.1 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php.
Mögliche Gegenmaßnahme
Brute Force Login Protection: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fresh-media ≫ Brute Force Login Protection Version1.3 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Brute Force Login Protection
Version
*-1.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.12% | 0.618 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html
https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2d46ac3-6751-475d-8d91-eabbc27a6295