Vulnerability Name:

CVE-2015-0920 (CCN-99613)

Assigned:2015-01-03
Published:2015-01-03
Updated:2017-09-08
Summary:Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
Vulnerability Type:CWE-352
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2015-0920

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/129804/WordPress-Banner-Effect-Header-1.2.6-XSS-CSRF.html

Source: CCN
Type: BID-71887
WordPress Banner Effect Header Plugin 'options-general.php' Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
bannereffect-wp-bannereffectemail-xss(99613)

Source: XF
Type: UNKNOWN
bannereffect-wp-bannereffectemail-csrf(99614)

Source: CCN
Type: Packet Storm Security [01-03-2015]
WordPress Banner Effect Header 1.2.6 XSS / CSRF

Source: CCN
Type: WordPress Plugin Directory
Banner Effect Header plugin for WordPress

Vulnerable Configuration:Configuration 1:
  • cpe:/a:banner_effect_header_project:banner_effect_header:1.2.6:*:*:*:*:wordpress:*:*

  • Configuration CCN 1:
  • cpe:/a:banner_effect_header_project:banner_effect_header:1.2.6:*:*:*:*:wordpress:*:*
  • AND
  • cpe:/a:wordpress:wordpress:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2015-0920 (CCN-99614)

    Assigned:2015-01-03
    Published:2015-01-03
    Updated:2017-09-08
    Summary:Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availability (A): None
    CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Type:CWE-352
    Vulnerability Consequences:Cross-Site Scripting
    References:Source: MITRE
    Type: CNA
    CVE-2015-0920

    Source: CCN
    Type: BID-71887
    WordPress Banner Effect Header Plugin 'options-general.php' Cross Site Scripting Vulnerability

    Source: XF
    Type: UNKNOWN
    bannereffect-wp-bannereffectemail-csrf(99614)

    Source: CCN
    Type: Packet Storm Security [01-03-2015]
    WordPress Banner Effect Header 1.2.6 XSS / CSRF

    Source: CCN
    Type: WordPress Plugin Directory
    Banner Effect Header plugin for WordPress

    banner_effect_header_project banner effect header 1.2.6
    wordpress wordpress *