CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-0920

Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.3%

CVSS Severity

CVSS v2 Score 6.8

References

http://packetstormsecurity.com/files/129804/WordPress-Banner-Effect-Header-1.2.6-XSS-CSRF.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/99613
https://exchange.xforce.ibmcloud.com/vulnerabilities/99614
http://packetstormsecurity.com/files/129804/WordPress-Banner-Effect-Header-1.2.6-XSS-CSRF.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/99613
https://exchange.xforce.ibmcloud.com/vulnerabilities/99614

Products affected by CVE-2015-0920

Banner Effect Header Project » Banner Effect Header » Version: 1.2.6

cpe:2.3:a:banner_effect_header_project:banner_effect_header:1.2.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-0920

Products

Pricing

Contact Us