CVE-2015-10093

EPSS 0.55%
Veröffentlicht 06.03.2023 07:15:10
Zuletzt bearbeitet 21.11.2024 02:24:21
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Mark User as Spammer Plugin plugin.php user_row_actions cross site scripting

Mark User as Spammer <= 1.0.1 - Reflected Cross-Site Scripting

A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.

Mögliche Gegenmaßnahme

Mark User as Spammer: Update to version 1.0.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mark User As Spammer Project ≫ Mark User As Spammer Version1.0.0 SwPlatformwordpress

Mark User As Spammer Project ≫ Mark User As Spammer Version1.0.1 SwPlatformwordpress

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Mark User as Spammer

Version *-1.0.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.417

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	2.6	1.2	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62

Patch

https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2

Release Notes

https://vuldb.com/?ctiid.222325

Third Party Advisory

https://vuldb.com/?id.222325

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/d5cab96c-f6ab-4ee6-8453-22e8a39cc82f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-10093

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-10093

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-10093

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-10093