Lucene search

[email protected]CVE-2014-9460

HistoryJan 02, 2015 - 8:59 p.m.

CVE-2014-9460

2015-01-0220:59:20

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-9460

cross-site request forgery

csrf

wp-vipergb

wordpress

remote attack

authentication hijacking

cross-site scripting

xss

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php.

Affected configurations

NVD

Node

justin_kleinwp-vipergbRange≤1.3.10wordpress

CPENameOperatorVersion
justin_klein:wp-vipergbjustin klein wp-vipergble1.3.10

CPE	Name	Operator	Version
justin_klein:wp-vipergb	justin klein wp-vipergb	le	1.3.10

References

packetstormsecurity.com/files/129501/WordPress-WP-ViperGB-1.3.10-CSRF-XSS.html

exchange.xforce.ibmcloud.com/vulnerabilities/99439

exchange.xforce.ibmcloud.com/vulnerabilities/99440

wordpress.org/plugins/wp-vipergb/changelog/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for CVE-2014-9460

prion2 patchstack1 nvd2 wpvulndb1 cvelist2 cve1