CVE-2017-12651

Sažetak

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

Reference

https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/
https://sv.wordpress.org/plugins/loginizer/#developers
https://wpvulndb.com/vulnerabilities/8884

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-08-2017 - 15:53

Objavljeno

07-08-2017 - 17:29