CVE-2015-0895

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
tips_and_tricks_hqall_in_one_wordpress_security_and_firewall
𝑥
≤ 3.8.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN87204433/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/
http://jvn.jp/en/jp/JVN87204433/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/