Vulnerability Details : CVE-2015-10125
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 addresses this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2015-10125
- Smackcoders » Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv » For Wordpress
  Versions before (<) 3.7.3
  cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-10125
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 40%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-10125
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | VulDB | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | VulDB | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | VulDB | 2024-02-29 |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2015-10125
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
  Assigned by: cna@vuldb.com (Primary)
References for CVE-2015-10125
- https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e
  Version 3.7.3 for Vulnarablility fix · wp-plugins/wp-ultimate-csv-importer@13c30af · GitHub (Patch)
- https://vuldb.com/?ctiid.241317
  Login required (Third Party Advisory)
- https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3
  Release 3.7.3: Trivial change · wp-plugins/wp-ultimate-csv-importer · GitHub (Release Notes)
- https://vuldb.com/?id.241317
  CVE-2015-10125: WP Ultimate CSV Importer Plugin cross-site request forgery (Third Party Advisory)