Lucene search

MitreCVE-2014-2559

HistoryOct 17, 2014 - 10:55 p.m.

CVE-2014-2559

2014-10-1722:55:04

CWE-352

mitre

web.nvd.nist.gov

csrf

twitget

wordpress

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.01

Percentile

83.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php.

Affected configurations

Nvd

Node

twitget_projecttwitgetRange≤3.3.1wordpress

VendorProductVersionCPE
twitget_projecttwitget*cpe:2.3:a:twitget_project:twitget:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
twitget_project	twitget	*	cpe:2.3:a:twitget_project:twitget::::::wordpress::*

References

packetstormsecurity.com/files/126134

seclists.org/fulldisclosure/2014/Apr/172

secunia.com/advisories/57892

wordpress.org/plugins/twitget/changelog

exchange.xforce.ibmcloud.com/vulnerabilities/92391

security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.01

Percentile

83.3%

JSON

Related for CVE-2014-2559