History: Jan 08, 2015 - 3:59 p.m.

CVE-2015-0920

2015-01-08 15:59:08
CWE-352
web.nvd.nist.gov
17
cve-2015-0920
cross-site request forgery
csrf vulnerability
banner effect header plugin
wordpress
xss attacks
nvd

AI Score: 6.6 Medium (Confidence: High)

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.004 Low (Percentile: 74.3%)

Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.

Affected configurations

NVD
Node
Vendor: banner_effect_header_project
Product: banner_effect_header
Version: Match 1.2.6
Target software: wordpress
