Cross-Site Request Forgery Vulnerabilities in WP Cleanfix Plugin by WordPress
CVE-2013-2108

5.4MEDIUM

Key Information:

Vendor
Wordpress
Status
WP Cleanfix Plugin
Vendor
CVE Published:
10 February 2020

Summary

The WP Cleanfix Plugin version 2.4.4 for WordPress suffers from a Cross-Site Request Forgery (CSRF) vulnerability that could allow unauthorized actions to be performed by an attacker on behalf of the user. This vulnerability could lead to potential exploitation if users are tricked into clicking a malicious link while logged in to their WordPress account, enabling the attacker to execute unintended commands.

Affected Version(s)

WP Cleanfix Plugin 2.4.4

References

http://www.securityfocus.com/bid/59940
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84435
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/18/11
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.