CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-9401

Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.4%

CVSS Severity

CVSS v2 Score 6.8

References

http://packetstormsecurity.com/files/129647/WordPress-WP-Limit-Posts-Automatically-0.7-CSRF-XSS.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/99427
http://packetstormsecurity.com/files/129647/WordPress-WP-Limit-Posts-Automatically-0.7-CSRF-XSS.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/99427

Products affected by CVE-2014-9401

Wp Limit Posts Automatically Project » Wp Limit Posts Automatically » Version: 0.7

cpe:2.3:a:wp_limit_posts_automatically_project:wp_limit_posts_automatically:0.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9401

Products

Pricing

Contact Us