Lucene search

[email protected]CVE-2015-2755

HistoryApr 01, 2015 - 2:59 p.m.

CVE-2015-2755

2015-04-0114:59:00

CWE-352

[email protected]

web.nvd.nist.gov

ab google map

travel

wordpress

csrf

vulnerabilities

xss

nvd

6.7 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.

CPENameOperatorVersion
ab_google_map_travel_project:ab_google_map_travelab google map travel project ab google map travelle3.4

CPE	Name	Operator	Version
ab_google_map_travel_project:ab_google_map_travel	ab google map travel project ab google map travel	le	3.4

References

packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html

packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html

www.securityfocus.com/archive/1/534954/100/0/threaded

www.securityfocus.com/archive/1/535026/100/0/threaded

www.securityfocus.com/bid/71417

wordpress.org/plugins/ab-google-map-travel/changelog/

6.7 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2015-2755

securityvulns2 prion1 wpvulndb1 patchstack1 packetstorm1 nuclei1