CVE-2014-3882
Published Jun 25, 2014
Last updated 10 years ago
Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "79A800CD-C3B6-4439-B2DD-72439B1F43EC",
"versionEndIncluding": "1.1.3"
},
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.0:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "3FD0B79E-2784-435F-89DC-C99E80947436"
},
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.1:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "E97A16EB-F663-4FB0-BEAD-BD6A7707B60C"
},
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.2:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "F861EA0C-3D3C-4F0F-BFEA-C974C107B352"
},
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:1.0.3:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "7B125654-3EE7-429C-B076-C3B1E65F20F2"
},
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:1.1.0:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "82C94C7D-59CD-41BB-963C-6E0D4FD2BF7F"
},
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:1.1.1:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "4C752897-2937-4A79-8450-DF7033089773"
},
{
"criteria": "cpe:2.3:a:12net:login_rebuilder:1.1.2:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "2439A1E3-6696-437F-A35F-3630F21927F1"
}
],
"operator": "OR"
}
]
}
]