Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0895

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2015-0895
Last Modified 09 Mar 2015 11:09:16
Published 06 Mar 2015 09:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0895

Summary

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.

Vulnerable Systems

Application

  • Tips And Tricks Hq All In One Wordpress Security And Firewall 3.8.9


References

CONFIRM - https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/

JVNDB - JVNDB-2015-000038

JVN - JVN#87204433


Last Updated: 27 May 2016 11:08:00