Vulnerability Details : CVE-2015-10108
A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2015-10108
- Inline Google Spreadsheet Viewer Project » Inline Google Spreadsheet Viewer » For WordpressVersions up to, including, (<=) 0.9.6cpe:2.3:a:inline_google_spreadsheet_viewer_project:inline_google_spreadsheet_viewer:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-10108
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-10108
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
VulDB | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
VulDB | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
VulDB | 2024-02-29 |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2015-10108
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: cna@vuldb.com (Primary)
References for CVE-2015-10108
-
https://vuldb.com/?ctiid.230234
CVE-2015-10108: meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgeryPermissions Required;Third Party Advisory
-
https://vuldb.com/?id.230234
CVE-2015-10108: meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgeryPermissions Required;Third Party Advisory
-
https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747
Secure the CSV fetching code behind a WordPress nonce to avoid CSRFs. · wp-plugins/inline-google-spreadsheet-viewer@2a8057d · GitHubPatch
-
https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1
Release Create tag 0.9.6.1 · wp-plugins/inline-google-spreadsheet-viewer · GitHubRelease Notes
Jump to