Lucene search

K
jvnJapan Vulnerability NotesJVN:05329568
HistoryJun 24, 2014 - 12:00 a.m.

JVN#05329568: Login rebuilder vulnerable to cross-site request forgery

2014-06-2400:00:00
Japan Vulnerability Notes
jvn.jp
16

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.6%

Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability.

Impact

If a user views a malicious page while logged in, unintended operations may be conducted.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

On 2014 June 24, Login rebuilder 1.2.3 which contains a fix for this vulnerability has been released.

Products Affected

  • Login rebuilder prior to 1.2.0

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.6%