Atahualpa Theme on WordPress cross-site request forgery

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as problematic has been found in Atahualpa Theme on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. Using CWE to declare the problem leads to CWE-352. The weakness was published 03/01/2017 by Spyros Gasteratos as Cross-Site Request Forgery in Atahualpa WordPress Theme as Mailinglist Post (Full-Disclosure). The advisory is shared for download at seclists.org. This vulnerability is traded as CVE-2017-20088. It is possible to launch the attack remotely. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field	03/01/2017 17:36	08/18/2020 09:29	06/19/2022 18:00
name	Atahualpa Theme	Atahualpa Theme	Atahualpa Theme
platform	WordPress	WordPress	WordPress
risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	4.1	4.1	4.1
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	4.2	4.2	4.2
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.2	4.2	4.2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
date	1488326400 (03/01/2017)	1488326400 (03/01/2017)	1488326400 (03/01/2017)
location	Full-Disclosure	Full-Disclosure	Full-Disclosure
type	Mailinglist Post	Mailinglist Post	Mailinglist Post
url	http://seclists.org/fulldisclosure/2017/Feb/90	http://seclists.org/fulldisclosure/2017/Feb/90	http://seclists.org/fulldisclosure/2017/Feb/90
identifier	Cross-Site Request Forgery in Atahualpa WordPress Theme	Cross-Site Request Forgery in Atahualpa WordPress Theme	Cross-Site Request Forgery in Atahualpa WordPress Theme
person_name	Spyros Gasteratos	Spyros Gasteratos	Spyros Gasteratos
price_0day	$0-$5k	$0-$5k	$0-$5k
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	U	U	U
cvss2_vuldb_rc	UR	UR	UR
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	U	U	U
cvss3_vuldb_rc	R	R	R
type		WordPress Plugin	WordPress Plugin
cwe	0	352 (cross-site request forgery)	352 (cross-site request forgery)
cve			CVE-2017-20088
responsible			VulDB

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!