CVE-2013-7233 : Detail

Category: Cross-Site Request Forgery (CSRF)
OWASP Top 10: A01 Broken Access Control
EPSS score: 0.16%
Attack vector: Network
Published: 2013-12-30 02:00 UTC
Last modified: 2024-09-16 18:12 UTC

CVE Description

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. The action is triggered by an ordinary GET carrying only the action, move and ids parameters, with no nonce or other proof that the administrator intended the request, so any page or image an authenticated administrator loads can issue it with the victim's own session cookie.
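The mechanism and the standard fix, as an added example (a simplified Python model, not WordPress source and not code from this page): the first handler is gated only by the session cookie, which the victim's browser attaches to any cross-site GET, so the proof-of-concept URL from the exploit entry succeeds. The second handler additionally demands a nonce in the wp_create_nonce style (an HMAC over action, user id and a 12-hour tick) that an attacker's page cannot know. The secret salt, the comment store, the admin session, the parameter name _wpnonce and the handler names are constructed for the example.

```python
"""Simplified model of the retrospam handler before and after a nonce check.

This is an added illustration, not WordPress source. The secret, the
comment store, the admin session and the handler names are constructed.
"""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Proof-of-concept URL from the exploit entry for this CVE.
POC_URL = ("http://www.example.com/wp-admin/options-discussion.php"
           "?action=retrospam&move=true&ids=1")

SECRET_SALT = b"constructed-site-secret"                 # stand-in for the site's secret salt
ADMIN_SESSION = {"user_id": 1, "role": "administrator"}  # what the auth cookie resolves to
NONCE_TICK = 12 * 3600                                   # WordPress nonces roll over every 12 hours


def make_nonce(action, user_id, now=None):
    """HMAC over (tick, action, user): the wp_create_nonce pattern, truncated to 10 hex chars."""
    tick = int((now if now is not None else time.time()) // NONCE_TICK)
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_SALT, msg, hashlib.sha256).hexdigest()[:10]


def verify_nonce(nonce, action, user_id, now=None):
    """Valid for the current and the previous tick (12-24h lifetime); constant-time compare."""
    t = now if now is not None else time.time()
    for offset in (0, NONCE_TICK):
        if hmac.compare_digest(nonce, make_nonce(action, user_id, t - offset)):
            return True
    return False


def _params(url):
    """First value of each query parameter, as PHP's $_GET would expose it."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def _move_to_moderation(params, comments):
    """The state change behind action=retrospam&move=true: flag the listed comment IDs."""
    moved = []
    for raw in params.get("ids", "").split(","):
        if raw.isdigit() and int(raw) in comments:
            comments[int(raw)] = "moderated"
            moved.append(int(raw))
    return moved


def handle_retrospam_vulnerable(url, session, comments):
    """Pre-fix behaviour: the only gate is the session cookie, which the victim's
    browser sends with any cross-site GET, so the PoC URL alone is enough."""
    params = _params(url)
    if session.get("role") != "administrator":
        return {"ok": False, "reason": "not an administrator"}
    if params.get("action") != "retrospam" or params.get("move") != "true":
        return {"ok": False, "reason": "nothing to do"}
    return {"ok": True, "moved": _move_to_moderation(params, comments)}


def handle_retrospam_nonced(url, session, comments, now=None):
    """Fixed behaviour: the request must also carry a nonce bound to this action
    and this user. An attacker's page never sees the nonce, so it cannot forge it."""
    params = _params(url)
    if session.get("role") != "administrator":
        return {"ok": False, "reason": "not an administrator"}
    if not verify_nonce(params.get("_wpnonce", ""), "retrospam", session["user_id"], now):
        return {"ok": False, "reason": "missing or invalid nonce"}
    if params.get("action") != "retrospam" or params.get("move") != "true":
        return {"ok": False, "reason": "nothing to do"}
    return {"ok": True, "moved": _move_to_moderation(params, comments)}


if __name__ == "__main__":
    comments = {1: "approved", 2: "approved"}
    print("vulnerable, PoC URL:", handle_retrospam_vulnerable(POC_URL, ADMIN_SESSION, comments), comments)
    comments = {1: "approved", 2: "approved"}
    print("nonced, PoC URL:    ", handle_retrospam_nonced(POC_URL, ADMIN_SESSION, comments), comments)
    good = POC_URL + "&_wpnonce=" + make_nonce("retrospam", ADMIN_SESSION["user_id"])
    print("nonced, legit URL:  ", handle_retrospam_nonced(good, ADMIN_SESSION, comments), comments)
```

The nonce is bound to the user and the action and expires, so a nonce leaked from one admin's page is useless against another user or after a day; the check also uses a constant-time compare so the token cannot be guessed byte by byte. Changing the action from GET to POST would not by itself be a fix, since a lure page can auto-submit a form; the nonce (or an equivalent origin check) is the control.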

CVE Information

Related Weaknesses

CWE-ID: CWE-352
Weakness name: Cross-Site Request Forgery (CSRF)
Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Metrics

CVSS V2: 6.8 (Medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Source: [email protected]

Au:N and AC:M reflect that the attacker needs no credentials of their own but must lure an already-authenticated administrator into issuing the request.

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile ranks CVEs by their EPSS score. For example, a CVE in the 95th percentile is more likely to be exploited than 95% of all other CVEs, so the percentile is the figure to use when comparing one CVE's EPSS score with another's.

Exploit information

Exploit Database EDB-ID: 38924

Publication date: 2013-12-16 23:00 UTC
Author: MustLive
EDB Verified: Yes

Source: https://www.securityfocus.com/bid/64564/info

WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.

WordPress 2.0.11 is vulnerable.

Proof-of-concept URL:

http://www.example.com/wp-admin/options-discussion.php?action=retrospam&move=true&ids=1
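A log-side check for attempts against this entry point, as an added example (not from the exploit entry or this page): because the vulnerable action is a GET, the full attack URL lands in the web server's access log, and a request for wp-admin/options-discussion.php with action=retrospam whose Referer is absent or points off-site is exactly what a CSRF lure produces. The log lines below are constructed in Apache combined format, and SITE_HOST is an assumed hostname for the monitored install.

```python
"""Triage check for CVE-2013-7233 exploitation attempts in access logs.

Added example, not from the exploit entry or the page. Log lines are
constructed in Apache combined format; SITE_HOST is an assumed hostname.
Rule: a request for wp-admin/options-discussion.php with action=retrospam
whose Referer is absent or off-site is what a CSRF lure produces.
"""
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "www.example.com"   # assumed host of the WordPress install being monitored

# Apache combined: ip ident user [time] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample: an admin using the settings page normally, then two
# requests that look like a lure (off-site Referer, then no Referer at all).
SAMPLE_LOG = """\
203.0.113.5 - - [16/Dec/2013:10:01:07 +0000] "GET /wp-admin/options-discussion.php HTTP/1.1" 200 5120 "http://www.example.com/wp-admin/" "Mozilla/5.0"
203.0.113.5 - - [16/Dec/2013:10:02:11 +0000] "GET /wp-admin/options-discussion.php?action=retrospam&move=true&ids=1 HTTP/1.1" 200 5120 "http://www.example.com/wp-admin/options-discussion.php" "Mozilla/5.0"
203.0.113.5 - - [16/Dec/2013:10:05:43 +0000] "GET /wp-admin/options-discussion.php?action=retrospam&move=true&ids=1 HTTP/1.1" 200 5120 "http://attacker.invalid/lure.html" "Mozilla/5.0"
203.0.113.5 - - [16/Dec/2013:10:05:44 +0000] "GET /wp-admin/options-discussion.php?action=retrospam&move=true&ids=2,3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [16/Dec/2013:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def retrospam_params(path):
    """Query parameters if the request targets the retrospam action, else None."""
    parts = urlsplit(path)
    if not parts.path.endswith("/wp-admin/options-discussion.php"):
        return None
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return q if q.get("action") == "retrospam" else None


def referer_is_same_site(referer):
    """True only when the Referer names our own host; '-' means the header was absent."""
    if referer in ("", "-"):
        return False
    return urlsplit(referer).hostname == SITE_HOST


def scan(log_text):
    """One finding per retrospam request that did not originate from our own pages."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        q = retrospam_params(rec["path"])
        if q is None or referer_is_same_site(rec["referer"]):
            continue
        findings.append({
            "time": rec["time"],
            "ip": rec["ip"],
            "referer": rec["referer"],
            "ids": q.get("ids", ""),
            "moved": q.get("move") == "true",
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Treat hits as triage leads rather than proof: browsers and privacy extensions routinely omit Referer, and from the log alone an administrator who typed the URL is indistinguishable from one who was lured. The finding's ids field tells the responder which comments to re-check in the moderation queue. The check only works because the vulnerable action accepts GET; a POST-based CSRF would leave the parameters out of the access log, and the real control is still the nonce check or upgrading past 2.0.11.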

Products Mentioned

Configuration 0

WordPress >> WordPress >> Versions up to and including 2.0.11
WordPress >> WordPress >> Version 2.0
WordPress >> WordPress >> Version 2.0.1
WordPress >> WordPress >> Version 2.0.2
WordPress >> WordPress >> Version 2.0.4
WordPress >> WordPress >> Version 2.0.5
WordPress >> WordPress >> Version 2.0.6
WordPress >> WordPress >> Version 2.0.7
WordPress >> WordPress >> Version 2.0.8
WordPress >> WordPress >> Version 2.0.9
WordPress >> WordPress >> Version 2.0.10

References

http://www.osvdb.org/101184
Tags : vdb-entry, x_refsource_OSVDB
http://seclists.org/fulldisclosure/2013/Dec/145
Tags : mailing-list, x_refsource_FULLDISC