CVE-2014-5072

Published: Apr 6, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected (1)

Products: Wpsecurityauditlog: Wp Security Audit Log

Wpsecurityauditlog

1 product

Wp Security Audit Log

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpsecurityauditlog Wp Security Audit Log	Before 1.2.5

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/0pc0deFR/Exploits/tree/master/CVE-2014-5072

Source: cve@mitre.org

Third Party Advisory

https://www.wpsecurityauditlog.com/plugin-change-log/

Source: cve@mitre.org

Release Notes

https://github.com/0pc0deFR/Exploits/tree/master/CVE-2014-5072

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.wpsecurityauditlog.com/plugin-change-log/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.