Lucene search
HistoryMar 07, 2015 - 2:59 a.m.
CVE-2015-0895
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
52.2%
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
Affected configurations
Node
tips_and_tricks_hqall_in_one_wordpress_security_and_firewallRange≤3.8.9wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tips_and_tricks_hq | all_in_one_wordpress_security_and_firewall | * | cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2015-0895
2015-03-07 02:00:00
wpvulndb
wpvulndb
All In One WP Security & Firewall <= 3.8.9 - CSRF
2015-03-06 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-03-07 02:59:00
jvn
jvn
patchstack
patchstack
WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF
2015-01-08 00:00:00
cve
cve
CVE-2015-0895
2015-03-07 02:59:02
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
52.2%
Related for NVD:CVE-2015-0895