Vulnerability Details : CVE-2013-3479
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2013-3479
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-3479
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-3479
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3479
-
http://wordpress.org/plugins/share-this/changelog/
ShareThis: Free Sharing Buttons and Tools – WordPress plugin | WordPress.org
Products affected by CVE-2013-3479
- cpe:2.3:a:sharethis:sharethis:*:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sharethis:sharethis:7.0.2:*:*:*:*:*:*:*