CVE-2014-3882

Published Jun 25, 2014

Last updated 4 months ago

CVSS info 6.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79A800CD-C3B6-4439-B2DD-72439B1F43EC",
            "versionEndIncluding": "1.1.3"
          },
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FD0B79E-2784-435F-89DC-C99E80947436"
          },
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E97A16EB-F663-4FB0-BEAD-BD6A7707B60C"
          },
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F861EA0C-3D3C-4F0F-BFEA-C974C107B352"
          },
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B125654-3EE7-429C-B076-C3B1E65F20F2"
          },
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:1.1.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82C94C7D-59CD-41BB-963C-6E0D4FD2BF7F"
          },
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:1.1.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C752897-2937-4A79-8450-DF7033089773"
          },
          {
            "criteria": "cpe:2.3:a:12net:login_rebuilder:1.1.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2439A1E3-6696-437F-A35F-3630F21927F1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References