CVE-2013-2693

Published Apr 10, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCBC4393-B713-4A73-8D0F-FD9479A71881",
            "versionEndIncluding": "2.51"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.00:-:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4465CC91-EAD7-4DD7-BF36-68FD9440F3A1"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.00:a:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "735BA87A-5D87-4D64-99AB-B66E77A73EFD"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.01:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87C0B3F0-C57D-4A81-B06A-DC2E2E0E9E63"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.02:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FDA33A0-F839-455E-9E5B-534DDE7F3E17"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.03:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AB25272-AC13-439D-9EF4-EE89AED44460"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.04:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51C9083C-1BCE-4E26-ACFE-2279886EE62C"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.05:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D57903A-0EAB-4AA4-A6D9-1273312C71E9"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.06:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ECA0F7D-42C7-4754-AB31-79DAACF3848D"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.10:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84348C8A-B136-4104-8C58-6AFF289778D7"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.11:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A865890C-03CD-491E-986B-AFCB3521828A"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.20:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DA4E42B-0D64-4634-BAB2-FB417B626FB9"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.30:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EC2B195-C194-482D-8349-3F09E78B390E"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.31:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D95401A-D406-4B28-A153-5A9980AC99D2"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.40:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E828011D-248F-4262-829D-837904FEDAE0"
          },
          {
            "criteria": "cpe:2.3:a:wp-plugins:wp-print:2.50:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA3843A7-E609-4F5E-BB0D-267BDC2D79EC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References