Lucene search

[email protected]CVE-2015-2792

HistoryOct 03, 2022 - 4:16 p.m.

CVE-2015-2792

2022-10-0316:16:11

CWE-284

[email protected]

web.nvd.nist.gov

wpml

wordpress

cve-2015-2792

security vulnerability

nonce bypass

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.

Affected configurations

NVD

Node

wpmlwpmlRange≤3.1.8wordpress

CPENameOperatorVersion
wpml:wpmlwpmlle3.1.8

CPE	Name	Operator	Version
wpml:wpml	wpml	le	3.1.8

References

klikki.fi/adv/wpml.html

packetstormsecurity.com/files/130839/WordPress-WPML-Missing-Authentication.html

seclists.org/fulldisclosure/2015/Mar/79

wpml.org/2015/03/wpml-security-update-bug-and-fix/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2015-2792

nvd1 cvelist1 patchstack1 prion1 wpvulndb1 kaspersky1