CVE-2015-10001

Sažetak

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads

Reference

https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734
https://www.openwall.com/lists/oss-security/2015/06/17/6

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

03-11-2021 - 14:41

Objavljeno

01-11-2021 - 09:15