Lucene search

[email protected]CVE-2015-3634

HistoryJun 08, 2017 - 9:29 p.m.

CVE-2015-3634

2017-06-0821:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-3634

slideshowplugin

wordpress

remote attack

arbitrary read

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.

Affected configurations

NVD

Node

slideshow_projectslideshowMatch2.2.8wordpress

slideshow_projectslideshowMatch2.2.9wordpress

slideshow_projectslideshowMatch2.2.10wordpress

slideshow_projectslideshowMatch2.2.11wordpress

slideshow_projectslideshowMatch2.2.12wordpress

slideshow_projectslideshowMatch2.2.13wordpress

slideshow_projectslideshowMatch2.2.14wordpress

slideshow_projectslideshowMatch2.2.15wordpress

slideshow_projectslideshowMatch2.2.16wordpress

slideshow_projectslideshowMatch2.2.17wordpress

slideshow_projectslideshowMatch2.2.18wordpress

slideshow_projectslideshowMatch2.2.19wordpress

slideshow_projectslideshowMatch2.2.20wordpress

slideshow_projectslideshowMatch2.2.21wordpress

CPENameOperatorVersion
slideshow_project:slideshowslideshow project slideshoweq2.2.8
slideshow_project:slideshowslideshow project slideshoweq2.2.9
slideshow_project:slideshowslideshow project slideshoweq2.2.10
slideshow_project:slideshowslideshow project slideshoweq2.2.11
slideshow_project:slideshowslideshow project slideshoweq2.2.12
slideshow_project:slideshowslideshow project slideshoweq2.2.13
slideshow_project:slideshowslideshow project slideshoweq2.2.14
slideshow_project:slideshowslideshow project slideshoweq2.2.15
slideshow_project:slideshowslideshow project slideshoweq2.2.16
slideshow_project:slideshowslideshow project slideshoweq2.2.17

CPE	Name	Operator	Version
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.8
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.9
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.10
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.11
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.12
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.13
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.14
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.15
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.16
slideshow_project:slideshow	slideshow project slideshow	eq	2.2.17

Rows per page:

1-10 of 141

References

www.openwall.com/lists/oss-security/2015/05/02/12

www.securityfocus.com/bid/74453

github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04

wordpress.org/plugins/slideshow-jquery-image-gallery/#developers

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2015-3634

cvelist1 nvd1 wpvulndb1 patchstack2 prion1