CVE-2014-8948

Published: Nov 16, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands.

Affected (5)

Products: Imember360: Imember360

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Imember360 Imember360	Version 3.8.012
Imember360 Imember360	Version 3.8.013
Imember360 Imember360	Version 3.8.014
Imember360 Imember360	Version 3.9.000
Imember360 Imember360	Version 3.9.001

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://osvdb.org/show/osvdb/106301

Source: cve@mitre.org

http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Apr/265

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/58094

Source: cve@mitre.org

http://www.exploit-db.com/exploits/33076

Source: cve@mitre.org

Exploit

http://osvdb.org/show/osvdb/106301

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/fulldisclosure/2014/Apr/265

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/58094

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/33076

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.