ID

VAR-201908-1124


CVE

CVE-2016-10867


TITLE

Cross-site scripting vulnerability in the all-in-one-wp-security-and-firewall plug-in for WordPress

Trust: 0.8

sources: JVNDB: JVNDB-2019-007637

DESCRIPTION

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. The all-in-one-wp-security-and-firewall plug-in for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. all-in-one-wp-security-and-firewall is a website security protection plugin used with it. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.

Trust: 1.8

sources: NVD: CVE-2016-10867 // JVNDB: JVNDB-2019-007637 // VULHUB: VHN-89686 // VULMON: CVE-2016-10867

AFFECTED PRODUCTS

vendor: tipsandtricks hq, model: all in one wp security & firewall, scope: lt, version: 4.0.6

Trust: 1.0

vendor: tips and tricks hq, model: all in one wp security & firewall, scope: lt, version: 4.0.6

Trust: 0.8

sources: JVNDB: JVNDB-2019-007637 // NVD: CVE-2016-10867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10867
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10867
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-886
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89686
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-10867
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10867
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-89686
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10867
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2016-10867
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-89686 // VULMON: CVE-2016-10867 // JVNDB: JVNDB-2019-007637 // CNNVD: CNNVD-201908-886 // NVD: CVE-2016-10867

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-89686 // JVNDB: JVNDB-2019-007637 // NVD: CVE-2016-10867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-886

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-886

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007637

PATCH

title: All In One WP Security & Firewall, url: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers

Trust: 0.8

title: WordPress all-in-one-wp-security-and-firewall Fixes for plugin security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96575

Trust: 0.6

sources: JVNDB: JVNDB-2019-007637 // CNNVD: CNNVD-201908-886

EXTERNAL IDS

db: NVD, id: CVE-2016-10867

Trust: 2.6

db: JVNDB, id: JVNDB-2019-007637

Trust: 0.8

db: CNNVD, id: CNNVD-201908-886

Trust: 0.7

db: VULHUB, id: VHN-89686

Trust: 0.1

db: VULMON, id: CVE-2016-10867

Trust: 0.1

sources: VULHUB: VHN-89686 // VULMON: CVE-2016-10867 // JVNDB: JVNDB-2019-007637 // CNNVD: CNNVD-201908-886 // NVD: CVE-2016-10867

REFERENCES

url: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers

Trust: 1.8

url: https://wpvulndb.com/vulnerabilities/9736

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-10867

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10867

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-89686 // VULMON: CVE-2016-10867 // JVNDB: JVNDB-2019-007637 // CNNVD: CNNVD-201908-886 // NVD: CVE-2016-10867

SOURCES

db: VULHUB, id: VHN-89686
db: VULMON, id: CVE-2016-10867
db: JVNDB, id: JVNDB-2019-007637
db: CNNVD, id: CNNVD-201908-886
db: NVD, id: CVE-2016-10867

LAST UPDATE DATE

2024-11-23T23:04:40.052000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-89686, date: 2023-03-01T00:00:00
db: VULMON, id: CVE-2016-10867, date: 2020-02-09T00:00:00
db: JVNDB, id: JVNDB-2019-007637, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-886, date: 2020-02-10T00:00:00
db: NVD, id: CVE-2016-10867, date: 2024-11-21T02:44:56.640

SOURCES RELEASE DATE

db: VULHUB, id: VHN-89686, date: 2019-08-13T00:00:00
db: VULMON, id: CVE-2016-10867, date: 2019-08-13T00:00:00
db: JVNDB, id: JVNDB-2019-007637, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-886, date: 2019-08-13T00:00:00
db: NVD, id: CVE-2016-10867, date: 2019-08-13T18:15:11.587