ID

VAR-201908-1125


CVE

CVE-2016-10868


TITLE

Cross-site scripting vulnerability in the all-in-one-wp-security-and-firewall plugin for WordPress

Trust: 0.8

sources: JVNDB: JVNDB-2019-007682

DESCRIPTION

The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. The all-in-one-wp-security-and-firewall plugin for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.

Trust: 1.71

sources: NVD: CVE-2016-10868 // JVNDB: JVNDB-2019-007682 // VULHUB: VHN-89687

AFFECTED PRODUCTS

vendor: tipsandtricks hq
model: all in one wp security & firewall
scope: lt
version: 4.0.5

Trust: 1.0

vendor: tips and tricks hq
model: all in one wp security & firewall
scope: lt
version: 4.0.5

Trust: 0.8

sources: JVNDB: JVNDB-2019-007682 // NVD: CVE-2016-10868

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-10868
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10868
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-850
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89687
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-10868
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-89687
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-10868
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-89687 // JVNDB: JVNDB-2019-007682 // CNNVD: CNNVD-201908-850 // NVD: CVE-2016-10868

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-89687 // JVNDB: JVNDB-2019-007682 // NVD: CVE-2016-10868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-850

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-850

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007682

PATCH

title: All In One WP Security & Firewall
url: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers

Trust: 0.8

title: WordPress all-in-one-wp-security-and-firewall Fixes for plugin cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96540

Trust: 0.6

sources: JVNDB: JVNDB-2019-007682 // CNNVD: CNNVD-201908-850

EXTERNAL IDS

db: NVD
id: CVE-2016-10868

Trust: 2.5

db: JVNDB
id: JVNDB-2019-007682

Trust: 0.8

db: CNNVD
id: CNNVD-201908-850

Trust: 0.7

db: VULHUB
id: VHN-89687

Trust: 0.1

sources: VULHUB: VHN-89687 // JVNDB: JVNDB-2019-007682 // CNNVD: CNNVD-201908-850 // NVD: CVE-2016-10868

REFERENCES

url:https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2016-10868

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10868

Trust: 0.8

sources: VULHUB: VHN-89687 // JVNDB: JVNDB-2019-007682 // CNNVD: CNNVD-201908-850 // NVD: CVE-2016-10868

SOURCES

db: VULHUB, id: VHN-89687
db: JVNDB, id: JVNDB-2019-007682
db: CNNVD, id: CNNVD-201908-850
db: NVD, id: CVE-2016-10868

LAST UPDATE DATE

2024-11-23T22:29:58.271000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-89687, date: 2019-08-16T00:00:00
db: JVNDB, id: JVNDB-2019-007682, date: 2019-08-19T00:00:00
db: CNNVD, id: CNNVD-201908-850, date: 2019-08-19T00:00:00
db: NVD, id: CVE-2016-10868, date: 2024-11-21T02:44:56.800

SOURCES RELEASE DATE

db: VULHUB, id: VHN-89687, date: 2019-08-13T00:00:00
db: JVNDB, id: JVNDB-2019-007682, date: 2019-08-19T00:00:00
db: CNNVD, id: CNNVD-201908-850, date: 2019-08-13T00:00:00
db: NVD, id: CVE-2016-10868, date: 2019-08-13T17:15:12.233