Details of VAR-201604-0696

ID

VAR-201604-0696

TITLE

WordPress Simple Add Pages or Posts plugin cross-site request forgery vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-02409

DESCRIPTION

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. The platform supports the setting up of personal blog websites on PHP and MySQL servers. The WordPress Simple Add Pages or Posts plugin has a cross-site request forgery vulnerability. Allows remote attackers to construct malicious URIs, seduce users to resolve, and perform malicious operations on the target user context.

Trust: 0.6

sources: CNVD: CNVD-2016-02409

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02409

AFFECTED PRODUCTS

vendor:

wordpress

model:

simple add pages or posts plugin

scope:

version:

1.6

Trust: 0.6

sources: CNVD: CNVD-2016-02409

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-02409
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-02409
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-02409

EXTERNAL IDS

db:	EXPLOITDB	id:	39384	Trust: 0.6
db:	EXPLOIT-DB	id:	39384	Trust: 0.6
db:	CNVD	id:	CNVD-2016-02409	Trust: 0.6

sources: CNVD: CNVD-2016-02409

REFERENCES

url:

https://www.exploit-db.com/exploits/39384/

Trust: 0.6

sources: CNVD: CNVD-2016-02409

SOURCES

db:

CNVD

id:

CNVD-2016-02409

LAST UPDATE DATE

2022-05-17T01:47:56.170000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-02409

date:

2016-04-21T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-02409

date:

2016-04-21T00:00:00