CVE-2017-12651

MEDIUM

Description

Cross-Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

References

https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/

https://sv.wordpress.org/plugins/loginizer/#developers

https://wpvulndb.com/vulnerabilities/8884

Details

Source: MITRE

Published: 2017-08-07

Updated: 2017-08-15

Type: CWE-352

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH