[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252271

 
 

909

 
 

196835

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1949Date: (C)2013-05-01   (M)2023-12-22


Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://www.openwall.com/lists/oss-security/2013/04/14/1
http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html
http://it.slashdot.org/story/13/04/13/212226/popular-wordpress-plug-in-caught-spamming-is-put-on-probation
http://securityledger.com/hacked-wordpress-plug-in-put-on-double-secret-probation/

CPE    2
cpe:/a:blinkwebeffects:social-media-widget:4.0
cpe:/a:wordpress:wordpress:-

© SecPod Technologies