CVE-2014-3903

Published Aug 19, 2014

Last updated 3 months ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9E96818-790A-44DD-86FB-C1A79252592D",
            "versionEndIncluding": "1.6.1"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.4:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9227F0ED-7708-467A-8040-53EAC54019F9"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.4.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFB46CDD-CFC2-4FC1-B1FF-4F1841D81053"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.4.2:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E690FF3A-4CB6-4B42-AB04-2303B16A9C53"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.4.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5FF04F7-2412-4406-93C5-F6F9E8D761EA"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.4.4:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C902E644-9EF4-49B2-B635-E5DD2916B350"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.5.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B86EF57-A792-47B1-B7A9-D6DA83781E15"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.5.1:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1409C2AD-99C6-4A0B-965E-3249F92FE8E2"
          },
          {
            "criteria": "cpe:2.3:a:jayj:cakifo:1.6:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EAD3A9B-3FFF-48DF-BFA2-80C9EE71FE20"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References