CVE-2015-0895

Published: Mar 7, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.

Affected (1)

Products: Tips And Tricks Hq: All In One Wordpress Security And Firewall

Tips And Tricks Hq

1 product

All In One Wordpress Security And Firewall

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tips And Tricks Hq All In One Wordpress Security And Firewall	Up to 3.8.9

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://jvn.jp/en/jp/JVN87204433/index.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038

Source: vultures@jpcert.or.jp

Vendor Advisory

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/

Source: vultures@jpcert.or.jp

Patch

http://jvn.jp/en/jp/JVN87204433/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.