Cross-Site Request Forgery in All In One WP Security & Firewall Plugin by WordPress
CVE-2015-0895

Currently unrated

Key Information:

Vendor: Wordpress
Status: All In One WordPress Security And Firewall
Vendor: CVE Published:; 7 March 2015

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the All In One WP Security & Firewall plugin for WordPress, allowing remote attackers to exploit this flaw to hijack the authentication of administrators. Specifically, this can enable an attacker to issue requests that delete important logs of 404 (Not Found) HTTP status codes, potentially compromising the security and operations of the website. Administrators are advised to update to version 3.9.0 or later to mitigate this risk.

References

https://wordpress.org/plugins/all-in-one-wp-security-and-...

x_refsource_CONFIRM

http://jvn.jp/en/jp/JVN87204433/index.html

third-party-advisoryx_refsource_JVN

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038

third-party-advisoryx_refsource_JVNDB

Timeline

Vulnerability published
Mar 7, 2015
Vulnerability Reserved
Jan 8, 2015