A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was presented 01/02/2014 as a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. The advisory is shared for download at github.com. This vulnerability is handled as CVE-2014-125111. The attack may be launched remotely. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1059.007. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published immediately after the disclosure of the vulnerability.
Field | 04/07/2024 11:27 |
---|---|
vendor | namithjawahar |
name | Wp-Insert |
version | <=2.0.8 |
cwe | 79 (cross site scripting) |
risk | 1 |
cvss3 | N |
cvss3 | L |
cvss3 | R |
cvss3 | U |
cvss3 | N |
cvss3 | L |
cvss3 | N |
cvss3 | O |
cvss3 | C |
date | 1388617200 (01/02/2014) |
identifier | a07b7b08084b9b85859f3968ce7fde0fd1fcbba3 |
url | https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3 |
name | Upgrade |
date | 1388617200 (01/02/2014) |
upgrade | 2.0.9 |
patch | a07b7b08084b9b85859f3968ce7fde0fd1fcbba3 |
patch | https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3 |
advisoryquote | XSS Exploit Fix. |
cve | CVE-2014-125111 |
responsible | VulDB |
type | WordPress Plugin |
cvss2 | N |
cvss2 | L |
cvss2 | N |
cvss2 | P |
cvss2 | N |
cvss2 | C |
cvss2 | OF |
cvss4 | N |
cvss4 | L |
cvss4 | N |
cvss4 | L |
cvss4 | N |
cvss2 | S |
cvss2 | ND |
cvss3 | L |
cvss3 | X |
cvss4 | N |
cvss4 | L |
cvss4 | N |
cvss4 | N |
cvss4 | N |
cvss4 | N |
cvss4 | X |
cvss2 | 4.0 |
cvss2 | 3.5 |
cvss3 | 3.5 |
cvss3 | 3.4 |
cvss3 | 3.5 |
cvss3 | 3.4 |
cvss4 | 5.3 |
cvss4 | 5.3 |
price | $0-$5k |