CVE-2015-6523
Portfolio Plugin < 1.05 - Cross-Site Request Forgery
- Severity Score: 6.3 (CVSS v3.1)
- Public Exploits: 1 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.
Credits: Nitin Venkatesh
Timeline
- 2015-07-20 CVE Published
- 2015-08-19 CVE Reserved
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (3)
URL | Tag | Source |
---|---|---|
https://plugins.trac.wordpress.org/changeset/1175403/portfolio-by-lisa-westlund | X_refsource_confirm | |
https://wpvulndb.com/vulnerabilities/8108 | X_refsource_misc | |

URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2015/Jul/104 | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Portfolio Project | Portfolio | <= 1.0 | wordpress | Affected |