Lucene search

[email protected]CVE-2013-4240

HistoryApr 02, 2014 - 4:05 p.m.

CVE-2013-4240

2014-04-0216:05:50

CWE-352

[email protected]

web.nvd.nist.gov

cve-2013-4240

hms testimonials

csrf

vulnerability

wordpress

plugin

hijack authentication

remote attackers

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.

Affected configurations

NVD

Node

hitmyserverhms_testimonialsRange≤2.0.10wordpress

hitmyserverhms_testimonialsMatch1.1wordpress

hitmyserverhms_testimonialsMatch1.2wordpress

hitmyserverhms_testimonialsMatch1.3wordpress

hitmyserverhms_testimonialsMatch1.4wordpress

hitmyserverhms_testimonialsMatch1.4.1wordpress

hitmyserverhms_testimonialsMatch1.5wordpress

hitmyserverhms_testimonialsMatch1.6wordpress

hitmyserverhms_testimonialsMatch1.6.1wordpress

hitmyserverhms_testimonialsMatch1.6.2wordpress

hitmyserverhms_testimonialsMatch1.7wordpress

hitmyserverhms_testimonialsMatch1.7.1wordpress

hitmyserverhms_testimonialsMatch2.0wordpress

hitmyserverhms_testimonialsMatch2.0.1wordpress

hitmyserverhms_testimonialsMatch2.0.2wordpress

hitmyserverhms_testimonialsMatch2.0.3wordpress

hitmyserverhms_testimonialsMatch2.0.4wordpress

hitmyserverhms_testimonialsMatch2.0.5wordpress

hitmyserverhms_testimonialsMatch2.0.6wordpress

hitmyserverhms_testimonialsMatch2.0.7wordpress

hitmyserverhms_testimonialsMatch2.0.8wordpress

hitmyserverhms_testimonialsMatch2.0.9wordpress

CPENameOperatorVersion
hitmyserver:hms_testimonialshitmyserver hms testimonialsle2.0.10
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.1
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.2
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.3
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.4
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.4.1
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.5
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.6
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.6.1
hitmyserver:hms_testimonialshitmyserver hms testimonialseq1.6.2

CPE	Name	Operator	Version
hitmyserver:hms_testimonials	hitmyserver hms testimonials	le	2.0.10
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.1
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.2
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.3
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.4
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.4.1
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.5
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.6
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.6.1
hitmyserver:hms_testimonials	hitmyserver hms testimonials	eq	1.6.2