Lucene search
HistoryJun 16, 2014 - 6:55 p.m.
CVE-2014-4163
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
70.6%
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
Affected configurations
Node
featured_comments_plugin_projectfeatured_commentsMatch1.2.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| featured_comments_plugin_project | featured_comments | 1.2.1 | cpe:2.3:a:featured_comments_plugin_project:featured_comments:1.2.1:*:*:*:*:wordpress:*:* |
References
Related
prion
prion
Cross site request forgery (csrf)
2014-06-16 18:55:00
exploitdb
exploitdb
WordPress Plugin Featured Comments - Cross-Site Request Forgery
2014-06-10 00:00:00
cve
cve
CVE-2014-4163
2014-06-16 18:55:09
patchstack
patchstack
WordPress Featured Comments Plugin - Cross Site Request Forgery
2014-06-10 00:00:00
cvelist
cvelist
CVE-2014-4163
2014-06-16 18:00:00
wpvulndb
wpvulndb
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
70.6%
Related for NVD:CVE-2014-4163