Details of VAR-201908-1123

ID

VAR-201908-1123

CVE

CVE-2016-10866

TITLE

WordPress for all-in-one-wp-security-and-firewall Plug-in vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-007638

DESCRIPTION

The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.8

sources: NVD: CVE-2016-10866 // JVNDB: JVNDB-2019-007638 // VULHUB: VHN-89685 // VULMON: CVE-2016-10866

AFFECTED PRODUCTS

vendor:	tipsandtricks hq	model:	all in one wp security \& firewall	scope:	lt	version:	4.2.0	Trust: 1.0
vendor:	tips and tricks hq	model:	all in one wp security & firewall	scope:	lt	version:	4.2.0	Trust: 0.8

sources: JVNDB: JVNDB-2019-007638 // NVD: CVE-2016-10866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10866
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-10866
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-883
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-89685
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-10866
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-10866
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-89685
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-10866
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-89685 // VULMON: CVE-2016-10866 // JVNDB: JVNDB-2019-007638 // CNNVD: CNNVD-201908-883 // NVD: CVE-2016-10866

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-89685 // JVNDB: JVNDB-2019-007638 // NVD: CVE-2016-10866

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-883

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-883

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007638

PATCH

title:	All In One WP Security & Firewall	url:	https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Trust: 0.8
title:	WordPress all-in-one-wp-security-and-firewall Fixes for plugin cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96572	Trust: 0.6

sources: JVNDB: JVNDB-2019-007638 // CNNVD: CNNVD-201908-883

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10866	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-007638	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-883	Trust: 0.7
db:	VULHUB	id:	VHN-89685	Trust: 0.1
db:	VULMON	id:	CVE-2016-10866	Trust: 0.1

sources: VULHUB: VHN-89685 // VULMON: CVE-2016-10866 // JVNDB: JVNDB-2019-007638 // CNNVD: CNNVD-201908-883 // NVD: CVE-2016-10866

REFERENCES

url:	https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10866	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10866	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-89685 // VULMON: CVE-2016-10866 // JVNDB: JVNDB-2019-007638 // CNNVD: CNNVD-201908-883 // NVD: CVE-2016-10866

SOURCES

db:	VULHUB	id:	VHN-89685
db:	VULMON	id:	CVE-2016-10866
db:	JVNDB	id:	JVNDB-2019-007638
db:	CNNVD	id:	CNNVD-201908-883
db:	NVD	id:	CVE-2016-10866

LAST UPDATE DATE

2024-11-23T21:52:00.233000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-89685	date:	2019-08-15T00:00:00
db:	VULMON	id:	CVE-2016-10866	date:	2019-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-007638	date:	2019-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201908-883	date:	2019-08-19T00:00:00
db:	NVD	id:	CVE-2016-10866	date:	2024-11-21T02:44:56.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-89685	date:	2019-08-13T00:00:00
db:	VULMON	id:	CVE-2016-10866	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-007638	date:	2019-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201908-883	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2016-10866	date:	2019-08-13T18:15:11.527