Vulnerability Details : CVE-2013-3476
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2013-3476
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 %
CVSS scores for CVE-2013-3476
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2013-3476
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3476
- http://wordpress.org/plugins/wordpress-23-related-posts-plugin/changelog/
  WordPress Related Posts – WordPress plugin | WordPress.org (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84247
  WordPress Related Posts plugin for WordPress CVE-2013-3476 unspecified cross-site request forgery CVE-2013-3476 Vulnerability Report
- http://www.securityfocus.com/bid/59839
  WordPress Related Posts Plugin CVE-2013-3476 Cross Site Request Forgery Vulnerability
Products affected by CVE-2013-3476
- cpe:2.3:a:zemanta:related_posts:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.8.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.8:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.3.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:2.4.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:2.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.3.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:1.3.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:zemanta:related_posts:2.5.1:*:*:*:*:wordpress:*:*