CVE-2015-10108

EPSS 0.44%
Veröffentlicht 31.05.2023 19:15:11
Zuletzt bearbeitet 21.11.2024 02:24:24
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery

Inline Google Spreadsheet Viewer <= 0.9.6 - Cross-Site Request Forgery

A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.

Mögliche Gegenmaßnahme

Inline Google Spreadsheet Viewer: Update to version 0.9.6.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inline Google Spreadsheet Viewer Project ≫ Inline Google Spreadsheet Viewer SwPlatformwordpress Version <= 0.9.6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Inline Google Spreadsheet Viewer

Version *-0.9.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.352

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747

Patch

https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1

Release Notes

https://vuldb.com/?ctiid.230234

Third Party Advisory

Permissions Required

https://vuldb.com/?id.230234

Third Party Advisory

Permissions Required

https://www.wordfence.com/threat-intel/vulnerabilities/id/f0543f32-54d4-4180-95c4-c9ddc0e08384

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-10108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-10108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-10108

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-10108