CVE-2012-4921 : Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for W

Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks.

Published 2014-04-10 20:29:19

Updated 2014-04-11 13:24:00

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)Cross-site request forgery (CSRF)

Exploit prediction scoring system (EPSS) score for CVE-2012-4921

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 40 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-4921

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-4921

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

Products affected by CVE-2012-4921

Dvs Custom Notification Project » Dvs Custom Notification » Version: 1.0.1 For Wordpress
cpe:2.3:a:dvs_custom_notification_project:dvs_custom_notification:1.0.1:*:*:*:*:wordpress:*:*
Matching versions

Vulnerability Details : CVE-2012-4921

Exploit prediction scoring system (EPSS) score for CVE-2012-4921

CVSS scores for CVE-2012-4921

CWE ids for CVE-2012-4921

Products affected by CVE-2012-4921