Lucene search

[email protected]CVE-2014-9129

HistoryDec 05, 2014 - 3:59 p.m.

CVE-2014-9129

2014-12-0515:59:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-9129

csrf

vulnerability

creativeminds

cm downloads manager

wordpress

xss

nvd

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.

CPENameOperatorVersion
cminds:cm_download_managercminds cm download managerle2.0.6

CPE	Name	Operator	Version
cminds:cm_download_manager	cminds cm download manager	le	2.0.6

References

packetstormsecurity.com/files/129357/WordPress-CM-Download-Manager-2.0.6-XSS-CSRF.html

www.securityfocus.com/archive/1/534132/100/0/threaded

www.securityfocus.com/bid/71418

downloadsmanager.cminds.com/release-notes/

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2014-9129

prion1 packetstorm1 patchstack1 wpvulndb1 securityvulns2