CVE-2014-3882CVE-2014-3882

Affected configuration(s):

cpe:/a:12net:login_rebuilder:1.0.0::~~~wordpress~~
cpe:/a:12net:login_rebuilder:1.0.1::~~~wordpress~~
cpe:/a:12net:login_rebuilder:1.0.2::~~~wordpress~~
cpe:/a:12net:login_rebuilder:1.0.3::~~~wordpress~~
cpe:/a:12net:login_rebuilder:1.1.0::~~~wordpress~~
cpe:/a:12net:login_rebuilder:1.1.1::~~~wordpress~~
cpe:/a:12net:login_rebuilder:1.1.2::~~~wordpress~~
cpe:/a:12net:login_rebuilder:1.1.3::~~~wordpress~~

Date published: 2014-06-25T07:19:22.230-04:00

Date last modified: 2014-06-25T10:35:14.943-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://12net.jp/news/n20140623_01.html

Summary: Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *