Executive Summary

Informations
Name CVE-2013-4340 First vendor Publication 2013-09-12
Vendor Cve Last vendor Modification 2013-10-02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score 3.5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 289

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-09-19 IAVM : 2013-B-0106 - Multiple Vulnerabilities in WordPress
Severity : Category I - VMSKEY : V0040374

Nessus® Vulnerability Scanner

Date Description
2013-10-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_043d3a78f24549389bc73d0d35dd94bf.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2013-16855.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2013-16895.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2013-16925.nasl - Type : ACT_GATHER_INFO
2013-09-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-239.nasl - Type : ACT_GATHER_INFO
2013-09-19 Name : The remote web server contains a PHP application that is affected by multiple...
File : wordpress_3_6_1.nasl - Type : ACT_GATHER_INFO
2013-09-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2757.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://codex.wordpress.org/Version_3.6.1
http://core.trac.wordpress.org/changeset/25321
http://wordpress.org/news/2013/09/wordpress-3-6-1/
DEBIAN http://www.debian.org/security/2013/dsa-2757
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2013-September/1168...
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/1168...
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/1171...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Date Informations
2024-02-02 01:24:08
  • Multiple Updates
2024-02-01 12:07:12
  • Multiple Updates
2023-09-05 12:22:48
  • Multiple Updates
2023-09-05 01:07:06
  • Multiple Updates
2023-09-02 12:22:49
  • Multiple Updates
2023-09-02 01:07:11
  • Multiple Updates
2023-08-22 12:20:34
  • Multiple Updates
2023-03-28 12:07:09
  • Multiple Updates
2022-10-11 01:06:52
  • Multiple Updates
2021-05-04 12:27:15
  • Multiple Updates
2021-04-22 01:33:00
  • Multiple Updates
2020-05-24 01:12:02
  • Multiple Updates
2020-05-23 00:37:58
  • Multiple Updates
2019-06-11 12:05:35
  • Multiple Updates
2019-02-28 12:05:13
  • Multiple Updates
2017-11-17 12:03:41
  • Multiple Updates
2017-09-29 12:04:20
  • Multiple Updates
2016-04-26 23:32:30
  • Multiple Updates
2014-02-17 11:22:02
  • Multiple Updates
2013-11-11 12:40:43
  • Multiple Updates
2013-10-02 17:19:32
  • Multiple Updates
2013-09-27 13:21:32
  • Multiple Updates
2013-09-13 21:21:00
  • Multiple Updates
2013-09-12 21:20:28
  • Multiple Updates
2013-09-12 17:20:02
  • First insertion