6.8
CVE-2014-8948
- EPSS 3.72%
- Veröffentlicht 16.11.2014 11:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginiMember360 3.8.0.12 - 3.9.001 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands.
Mögliche Gegenmaßnahme
iMember360is: Update to version 3.9.001, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imember360 ≫ Imember360 Version3.8.012 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.8.013 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.8.014 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.9.000 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.9.001 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
iMember360is
Version
[3.8.012, 3.9.001)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.72% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Apr/265
http://secunia.com/advisories/58094
http://www.exploit-db.com/exploits/33076
http://osvdb.org/show/osvdb/106301
https://www.wordfence.com/threat-intel/vulnerabilities/id/c1621cd2-78d3-4429-862a-b425f5436f38