Lucene search

K

MitreCVELIST:CVE-2013-5977

HistoryNov 01, 2013 - 2:00 p.m.

CVE-2013-5977

2013-11-0114:00:00

mitre

www.cve.org

1

0.004 Low

EPSS

Percentile

73.8%

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.

References

archives.neohapsis.com/archives/bugtraq/2013-10/0048.html

blog.noobroot.com/#%21/2013/10/0-day-wordpress-cart66-plugin-15114.html

osvdb.org/98352

packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

seclists.org/bugtraq/2013/Oct/52

secunia.com/advisories/55265

wordpress.org/plugins/cart66-lite/changelog/

www.exploit-db.com/exploits/28959

www.securityfocus.com/bid/62975

exchange.xforce.ibmcloud.com/vulnerabilities/87874

0.004 Low

EPSS

Percentile

73.8%

Related for CVELIST:CVE-2013-5977

cve2 patchstack1 prion2 nvd2 wpvulndb1 securityvulns4 cvelist1 zdt1 seebug1 exploitpack1 packetstorm1 exploitdb1