Vulnerability Details : CVE-2013-6797
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2013-6797
- cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:*:-:*:*:*:wordpress:*:*
- cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.0:-:*:*:*:wordpress:*:*
- cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.4:-:*:*:*:wordpress:*:*
- cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.2:-:*:*:*:wordpress:*:*
- cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.3:-:*:*:*:wordpress:*:*
- cpe:2.3:a:sunil_nanda:blue_wrench_video_widget:1.0.1:-:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6797
0.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6797
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-6797
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6797
-
http://wordpress.org/plugins/blue-wrench-videos-widget/changelog
Blue Wrench Video Widget – WordPress plugin | WordPress.orgPatch
-
http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/
Nothing found for Wordpress Plugin Blue Wrench Video Widget Csrf Persistent Xss 0Day DisclosureExploit
Jump to