Details of VAR-201908-1203

ID

VAR-201908-1203

CVE

CVE-2015-9294

TITLE

WordPress for all-in-one-wp-security-and-firewall Plug-in vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-007700

DESCRIPTION

The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.71

sources: NVD: CVE-2015-9294 // JVNDB: JVNDB-2019-007700 // VULHUB: VHN-87255

AFFECTED PRODUCTS

vendor:	tipsandtricks hq	model:	all in one wp security \& firewall	scope:	lt	version:	3.9.5	Trust: 1.0
vendor:	tips and tricks hq	model:	all in one wp security & firewall	scope:	lt	version:	3.9.5	Trust: 0.8

sources: JVNDB: JVNDB-2019-007700 // NVD: CVE-2015-9294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-9294
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-9294
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-841
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-87255
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-9294
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-87255
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-9294
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-87255 // JVNDB: JVNDB-2019-007700 // CNNVD: CNNVD-201908-841 // NVD: CVE-2015-9294

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-87255 // JVNDB: JVNDB-2019-007700 // NVD: CVE-2015-9294

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-841

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-841

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007700

PATCH

title:	All In One WP Security & Firewall	url:	https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Trust: 0.8
title:	WordPress all-in-one-wp-security-and-firewall Fixes for plugin cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96532	Trust: 0.6

sources: JVNDB: JVNDB-2019-007700 // CNNVD: CNNVD-201908-841

EXTERNAL IDS

db:	NVD	id:	CVE-2015-9294	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007700	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-841	Trust: 0.7
db:	VULHUB	id:	VHN-87255	Trust: 0.1

sources: VULHUB: VHN-87255 // JVNDB: JVNDB-2019-007700 // CNNVD: CNNVD-201908-841 // NVD: CVE-2015-9294

REFERENCES

url:	https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9294	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9294	Trust: 0.8

sources: VULHUB: VHN-87255 // JVNDB: JVNDB-2019-007700 // CNNVD: CNNVD-201908-841 // NVD: CVE-2015-9294

SOURCES

db:	VULHUB	id:	VHN-87255
db:	JVNDB	id:	JVNDB-2019-007700
db:	CNNVD	id:	CNNVD-201908-841
db:	NVD	id:	CVE-2015-9294

LAST UPDATE DATE

2024-11-23T22:58:36.462000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-87255	date:	2019-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-007700	date:	2019-08-19T00:00:00
db:	CNNVD	id:	CNNVD-201908-841	date:	2019-08-19T00:00:00
db:	NVD	id:	CVE-2015-9294	date:	2024-11-21T02:40:16.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-87255	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-007700	date:	2019-08-19T00:00:00
db:	CNNVD	id:	CNNVD-201908-841	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2015-9294	date:	2019-08-13T17:15:11.687