Lucene search
HistoryMar 07, 2015 - 2:59 a.m.
CVE-2015-0895
cve-2015-0895
cross-site request forgery
csrf vulnerability
all in one wp security & firewall
wordpress
authentication hijacking
404 logs deletion
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.3%
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
Affected configurations
Node
tips_and_tricks_hqall_in_one_wordpress_security_and_firewallRange≤3.8.9wordpress
Related
cvelist
cvelist
CVE-2015-0895
2015-03-07 02:00:00
patchstack
patchstack
WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF
2015-01-08 00:00:00
nvd
nvd
CVE-2015-0895
2015-03-07 02:59:02
jvn
jvn
wpvulndb
wpvulndb
All In One WP Security & Firewall <= 3.8.9 - CSRF
2015-03-06 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-03-07 02:59:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.3%
Related for CVE-2015-0895