CVE-2014-5034

Published: Apr 6, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php.

Affected (1)

Products: Fresh Media: Brute Force Login Protection

1 product

Brute Force Login Protection

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fresh Media Brute Force Login Protection	Version 1.3

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.