Lucene search

K
nvd[email protected]NVD:CVE-2013-6797
HistoryNov 19, 2013 - 4:50 a.m.

CVE-2013-6797

2013-11-1904:50:57
CWE-352
web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.

Affected configurations

NVD
Node
sunil_nandablue_wrench_video_widgetRange1.0.5-wordpress
OR
sunil_nandablue_wrench_video_widgetMatch1.0.0-wordpress
OR
sunil_nandablue_wrench_video_widgetMatch1.0.1-wordpress
OR
sunil_nandablue_wrench_video_widgetMatch1.0.2-wordpress
OR
sunil_nandablue_wrench_video_widgetMatch1.0.3-wordpress
OR
sunil_nandablue_wrench_video_widgetMatch1.0.4-wordpress

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

Related for NVD:CVE-2013-6797