Lucene search

K
cve[email protected]CVE-2014-3843
HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-3843

2022-10-0316:20:24
CWE-352
web.nvd.nist.gov
16
cve-2014-3843
cross-site request forgery
csrf
search everything plugin
wordpress
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.5%

Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected configurations

NVD
Node
zemantasearch_everythingRange8.1wordpress
OR
zemantasearch_everythingMatch7.0.2wordpress
OR
zemantasearch_everythingMatch7.0.3wordpress
OR
zemantasearch_everythingMatch7.0.4wordpress
OR
zemantasearch_everythingMatch8.0wordpress
AND
wordpresswordpressMatch-

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.5%