Vulnerability 90149 - CERT Civis.Net

Vulnerability Name:

CCN-90149

Published:

2013-12-17

Updated:

2013-12-17

Summary:

WordPress could allow a remote attacker to obtain sensitive information, caused by an error in the options.php script. An attacker could exploit this vulnerability to obtain the credential information and perform further attacks.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Full Disclosure Mailing List, Tue, 17 Dec 2013 16:26:12 +0200
CSRF, DoS and IL vulnerabilities in WordPress

Source: CCN
Type: WordPress Web site
WordPress Blog Tool, Publishing Platform, and CMS

Source: XF
Type: UNKNOWN
wordpress-options-info-disclosure(90149)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:wordpress:wordpress:3.8:-:*:*:*:*:*:*

Denotes that component is vulnerable

BACK