Lucene search

K
cve[email protected]CVE-2015-10001
HistoryNov 01, 2021 - 9:15 a.m.

CVE-2015-10001

2021-11-0109:15:07
CWE-352
web.nvd.nist.gov
17
cve-2015-10001
wp-stats
wordpress
csrf
xss
nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

31.0%

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads

Affected configurations

Vulners
NVD
Node
wp-stats_projectwp-statsRange<2.52
VendorProductVersionCPE
wp\-stats_projectwp\-stats*cpe:2.3:a:wp\-stats_project:wp\-stats:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "WP-Stats",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.52",
        "status": "affected",
        "version": "2.52",
        "versionType": "custom"
      }
    ]
  }
]

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

31.0%

Related for CVE-2015-10001