CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-0895

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://jvn.jp/en/jp/JVN87204433/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/
http://jvn.jp/en/jp/JVN87204433/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/

Products affected by CVE-2015-0895

Tips And Tricks Hq » All In One Wordpress Security And Firewall » Version: 3.8.2

cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:3.8.2
Tips And Tricks Hq » All In One Wordpress Security And Firewall » Version: 3.8.7

cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:3.8.7
Tips And Tricks Hq » All In One Wordpress Security And Firewall » Version: 3.8.9

cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:3.8.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-0895

Products

Pricing

Contact Us