Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2015-2039
Last Modified 23 Feb 2015 02:11:56
Published 20 Feb 2015 11:59:08
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2039

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php.

Vulnerable Systems

Application

  • Acobot Live Chat & Contact Form Project Acobot Live Chat & Contact Form 2.0


References

XF - wp-acobot-csrf(100814)

XF - wp-acobot-xss(100813)

MISC - http://packetstormsecurity.com/files/130306/WordPress-Acobot-Live-Chat-And-Contact-Form-2.0-CSRF-XSS.html


Last Updated: 27 May 2016 11:07:54