← Back

CVE-2015-10125

nvd nist
Published: Oct 5, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.

Affected (1)

Smackcoders
1 product
Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv
Before 3.7.3

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

Source: cna@vuldb.com
Patch
Source: cna@vuldb.com
Release Notes
Source: cna@vuldb.com
Third Party Advisory
Source: cna@vuldb.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.