var-201503-0452
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. All In One WP Security & Firewall is a WordPress plugin that provides security functionality. If a user views a malicious page while logged in, access logs (404 events) maintained by the product may be deleted. An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks, because the deleted 404 entries are no longer available to an administrator reviewing requests made to the site. WordPress is a blogging platform developed by the WordPress Software Foundation in PHP; it supports setting up personal blogging websites on servers running PHP and MySQL.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "all in one wordpress security and firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "tips and tricks hq",
"version": "3.8.9"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "lte",
"trust": 0.8,
"vendor": "tips and tricks hq",
"version": "v3.8.9"
},
{
"model": "all in one wordpress security and firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "tips and tricks hq",
"version": "3.8.9"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.9"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.3"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.2"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.9.0"
}
],
"sources": [
{
"db": "BID",
"id": "74387"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-127"
},
{
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JPCERT",
"sources": [
{
"db": "BID",
"id": "74387"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0895",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-0895",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000038",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-78841",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0895",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000038",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-127",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78841",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78841"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-127"
},
{
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in the All In One WP Security \u0026 Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. All In One WP Security \u0026 Firewall is WordPress plugin that provides security functionality. If a user views a malicious page while logged in, access logs (404 events) maintained by the product may be deleted. \nAn attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0895"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"db": "BID",
"id": "74387"
},
{
"db": "VULHUB",
"id": "VHN-78841"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0895",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN87204433",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201503-127",
"trust": 0.7
},
{
"db": "BID",
"id": "74387",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-78841",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78841"
},
{
"db": "BID",
"id": "74387"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-127"
},
{
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"id": "VAR-201503-0452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78841"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:52:44.961000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "All In One WP Security \u0026 Firewall - Changelog",
"trust": 0.8,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78841"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn87204433/index.html"
},
{
"trust": 1.7,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000038"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0895"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0895"
},
{
"trust": 0.3,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall all in one wp security \u0026 firewall"
},
{
"trust": 0.3,
"url": "http://wordpress.org/"
},
{
"trust": 0.3,
"url": "jvn.jp/en/jp/jvn87204433/index.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78841"
},
{
"db": "BID",
"id": "74387"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-127"
},
{
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78841"
},
{
"db": "BID",
"id": "74387"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-127"
},
{
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-78841"
},
{
"date": "2015-03-06T00:00:00",
"db": "BID",
"id": "74387"
},
{
"date": "2015-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"date": "2015-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-127"
},
{
"date": "2015-03-07T02:59:02.723000",
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-78841"
},
{
"date": "2015-03-06T00:00:00",
"db": "BID",
"id": "74387"
},
{
"date": "2015-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000038"
},
{
"date": "2015-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-127"
},
{
"date": "2024-11-21T02:23:57.190000",
"db": "NVD",
"id": "CVE-2015-0895"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-127"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All In One WP Security \u0026 Firewall vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000038"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-127"
}
],
"trust": 0.6
}
}