Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2015-2084
Last Modified 26 Feb 2015 02:14:29
Published 25 Feb 2015 05:59:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2084

Summary

Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.

Vulnerable Systems

Application

  • Cybernetikz Easy Social Icons 1.2.2


References

CONFIRM - https://wordpress.org/plugins/easy-social-icons/changelog/

EXPLOIT-DB - 36161

FULLDISC - 20150221 Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF

MISC - http://packetstormsecurity.com/files/130461/WordPress-Easy-Social-Icons-1.2.2-CSRF-XSS.html


Last Updated: 27 May 2016 11:07:57