CVE-2013-2700

{"id": "CVE-2013-2700", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-05-14T19:55:08.873", "references": [{"url": "http://osvdb.org/92113", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/52876", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://wordpress.org/plugins/wp125/changelog", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/692721", "tags": ["Exploit", "Patch"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://osvdb.org/92113", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52876", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wordpress.org/plugins/wp125/changelog", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plugins.trac.wordpress.org/changeset/692721", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en la p\u00e1gina Add/Edit (adminmenus.php) en el plugin WP125 anterior a 1.5.0 para WordPress permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que a\u00f1aden o editan un anuncio a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:52:11.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmaster-source:wp125:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "99B9FCE8-854D-4F92-B641-6DF6D7DF646C", "versionEndIncluding": "1.4.9"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.0.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "86E28C01-A224-47DF-AE09-C9BF85FCE2F9"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.1.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B87194DE-1CCC-4393-9B66-416CB736EB2B"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.2.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A5924A67-7AC2-42D5-AA4A-7A698AB9831E"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.3.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DCCC7E83-0ACD-4DA2-9F46-DA5C5C078095"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.3.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FB2F4E46-7CDB-4532-8B36-320F8FE05326"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.3.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9B98768B-2E0B-4B5E-A11A-094C03087A63"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.3.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "19FE5A81-742B-4971-A564-30D4FA13FBB1"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6EEE0501-9512-4C12-BBC1-BFD0B1995DE2"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EDD8D26A-0B49-4A47-93DA-DFABA479273C"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4E523FF4-6768-4B7D-81BA-D71ED28B51C7"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CDC8FBB5-8593-48BA-A002-BBD8F78392C6"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9D43C15B-E5A4-4350-B22C-32F7838BBE32"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "ED92D707-457F-4000-A67E-3842C0AEEA43"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E0AFBBCE-3082-4F7A-A3A1-BCE5674E939B"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4DFAF66C-7CE0-4F47-8B1D-A0F83E720EBB"}, {"criteria": "cpe:2.3:a:webmaster-source:wp125:1.4.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "39646A91-8196-4606-BA22-0A05A1313E33"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}