CVE-2013-3262

Published Aug 9, 2013

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mikejolley:download_monitor:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B82BFD08-A7A4-4E1E-A2C6-60758016669D",
            "versionEndIncluding": "1.0.6"
          },
          {
            "criteria": "cpe:2.3:a:mikejolley:download_monitor:1.0.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7254601-9A90-4E92-99EC-6B16DDA3A17D"
          },
          {
            "criteria": "cpe:2.3:a:mikejolley:download_monitor:1.0.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6E1670B-FE1F-41B7-AE53-4EBFD3F3BFE7"
          },
          {
            "criteria": "cpe:2.3:a:mikejolley:download_monitor:1.0.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1433A499-1C31-49A8-9EB5-5377808ED204"
          },
          {
            "criteria": "cpe:2.3:a:mikejolley:download_monitor:1.0.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78094FD0-C6C7-4D40-8F65-D2D3FFD90C42"
          },
          {
            "criteria": "cpe:2.3:a:mikejolley:download_monitor:1.0.4:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71B161CD-1414-45AA-9DD2-DB64E78E3A53"
          },
          {
            "criteria": "cpe:2.3:a:mikejolley:download_monitor:1.0.5:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D4733F7-2C89-476C-917B-9E9B5005F4D6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References