Lucene search

FlexeraCVE-2013-2710

HistoryJun 02, 2014 - 3:55 p.m.

CVE-2013-2710

2014-06-0215:55:10

CWE-352

flexera

web.nvd.nist.gov

cve-2013-2710

cross-site request forgery

csrf

contextual related posts

wordpress

xss

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.

Affected configurations

Nvd

Node

ajaydsouzacontextual_related_postsRange≤1.8.6wordpress

ajaydsouzacontextual_related_postsMatch1.0wordpress

ajaydsouzacontextual_related_postsMatch1.1wordpress

ajaydsouzacontextual_related_postsMatch1.1.1wordpress

ajaydsouzacontextual_related_postsMatch1.2wordpress

ajaydsouzacontextual_related_postsMatch1.2.1wordpress

ajaydsouzacontextual_related_postsMatch1.2.2wordpress

ajaydsouzacontextual_related_postsMatch1.3wordpress

ajaydsouzacontextual_related_postsMatch1.3.1wordpress

ajaydsouzacontextual_related_postsMatch1.4wordpress

ajaydsouzacontextual_related_postsMatch1.4.1wordpress

ajaydsouzacontextual_related_postsMatch1.4.2wordpress

ajaydsouzacontextual_related_postsMatch1.5wordpress

ajaydsouzacontextual_related_postsMatch1.5.1wordpress

ajaydsouzacontextual_related_postsMatch1.5.2wordpress

ajaydsouzacontextual_related_postsMatch1.6wordpress

ajaydsouzacontextual_related_postsMatch1.6.1wordpress

ajaydsouzacontextual_related_postsMatch1.6.2wordpress

ajaydsouzacontextual_related_postsMatch1.6.3wordpress

ajaydsouzacontextual_related_postsMatch1.6.4wordpress

ajaydsouzacontextual_related_postsMatch1.6.5wordpress

ajaydsouzacontextual_related_postsMatch1.7wordpress

ajaydsouzacontextual_related_postsMatch1.7.1wordpress

ajaydsouzacontextual_related_postsMatch1.7.2wordpress

ajaydsouzacontextual_related_postsMatch1.7.3wordpress

ajaydsouzacontextual_related_postsMatch1.8wordpress

ajaydsouzacontextual_related_postsMatch1.8.1wordpress

ajaydsouzacontextual_related_postsMatch1.8.2wordpress

ajaydsouzacontextual_related_postsMatch1.8.3wordpress

ajaydsouzacontextual_related_postsMatch1.8.4wordpress

ajaydsouzacontextual_related_postsMatch1.8.5wordpress

VendorProductVersionCPE
ajaydsouzacontextual_related_posts*cpe:2.3:a:ajaydsouza:contextual_related_posts:*:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.0cpe:2.3:a:ajaydsouza:contextual_related_posts:1.0:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.1cpe:2.3:a:ajaydsouza:contextual_related_posts:1.1:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.1.1cpe:2.3:a:ajaydsouza:contextual_related_posts:1.1.1:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.2cpe:2.3:a:ajaydsouza:contextual_related_posts:1.2:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.2.1cpe:2.3:a:ajaydsouza:contextual_related_posts:1.2.1:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.2.2cpe:2.3:a:ajaydsouza:contextual_related_posts:1.2.2:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.3cpe:2.3:a:ajaydsouza:contextual_related_posts:1.3:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.3.1cpe:2.3:a:ajaydsouza:contextual_related_posts:1.3.1:*:*:*:*:wordpress:*:*
ajaydsouzacontextual_related_posts1.4cpe:2.3:a:ajaydsouza:contextual_related_posts:1.4:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
ajaydsouza	contextual_related_posts	*	cpe:2.3:a:ajaydsouza:contextual_related_posts::::::wordpress::*
ajaydsouza	contextual_related_posts	1.0	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.0:::::wordpress::
ajaydsouza	contextual_related_posts	1.1	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.1:::::wordpress::
ajaydsouza	contextual_related_posts	1.1.1	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.1.1:::::wordpress::
ajaydsouza	contextual_related_posts	1.2	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.2:::::wordpress::
ajaydsouza	contextual_related_posts	1.2.1	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.2.1:::::wordpress::
ajaydsouza	contextual_related_posts	1.2.2	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.2.2:::::wordpress::
ajaydsouza	contextual_related_posts	1.3	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.3:::::wordpress::
ajaydsouza	contextual_related_posts	1.3.1	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.3.1:::::wordpress::
ajaydsouza	contextual_related_posts	1.4	cpe:2.3:a:ajaydsouza:contextual_related_posts:1.4:::::wordpress::

Rows per page:

1-10 of 311

References

secunia.com/advisories/52960

wordpress.org/plugins/contextual-related-posts/changelog/

www.securityfocus.com/bid/59733

exchange.xforce.ibmcloud.com/vulnerabilities/84100

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Related for CVE-2013-2710