Lucene search

[email protected]CVE-2014-3850

HistoryJun 11, 2014 - 2:55 p.m.

CVE-2014-3850

2014-06-1114:55:08

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-3850

cross-site request forgery

csrf

member approval plugin

wordpress

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.2%

JSON

Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.

Affected configurations

NVD

Node

member_approval_plugin_projectmember_approvalMatch131109wordpress

CPENameOperatorVersion
member_approval_plugin_project:member_approvalmember approval plugin project member approvaleq131109

CPE	Name	Operator	Version
member_approval_plugin_project:member_approval	member approval plugin project member approval	eq	131109

References

seclists.org/fulldisclosure/2014/Jun/63

security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for CVE-2014-3850

wpvulndb1 patchstack1 prion1 cvelist1 packetstorm1 nvd1