CVE-2012-4448
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.
Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en wp-admin/index.php en WordPress v3.4.2 permite a atacantes remotos secuestrar la autenticación de las solicitudes de administradores que modifican una URL de un RSS a través de una acción de edición dashboard_incoming_links.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-21 CVE Reserved
- 2012-09-28 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2012/09/25/15 | Mailing List | |
| https://bugzilla.redhat.com/show_bug.cgi?id=860261 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/50715 | 2012-10-01 | |
| https://bugs.gentoo.org/show_bug.cgi?id=436198 | 2012-10-01 |