Jan 08, 2015 - 3:59 p.m.

CVE-2015-0920

2015-01-08 15:59:08
CWE-352
mitre
web.nvd.nist.gov

Tags: cve-2015-0920, cross-site request forgery, csrf vulnerability, banner effect header plugin, wordpress, xss attacks, nvd

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 6.6
Confidence: High

EPSS: 0.004
Percentile: 74.3%

Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.

Affected configurations

Nvd
Node: banner_effect_header_project banner_effect_header Match 1.2.6 wordpress

Vendor | Product | Version | CPE
banner_effect_header_project | banner_effect_header | 1.2.6 | cpe:2.3:a:banner_effect_header_project:banner_effect_header:1.2.6:*:*:*:*:wordpress:*:*
