Atahualpa Theme on WordPress cross-site request forgery

A vulnerability classified as problematic has been found in Atahualpa Theme on WordPress. An unknown function is affected. The manipulation leads to cross-site request forgery. The CWE classification of the problem is CWE-352. The weakness was published on 03/01/2017 by Spyros Gasteratos as "Cross-Site Request Forgery in Atahualpa WordPress Theme" in a mailing list post (Full-Disclosure). The advisory is available for download at seclists.org. This vulnerability is tracked as CVE-2017-20088. The attack can be launched remotely. No technical details are available. No exploit is available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, not after, the disclosure of the vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

User

128

Field

cna_responsible: 1
source_cve: 1
vulnerability_cwe: 1
software_type: 1
vulnerability_cvss3_vuldb_rc: 1

Commit Conf

100%: 33
90%: 7

Approve Conf

100%: 33
90%: 7

| ID | Committed | User | Field | Change | Remarks | Accepted | Status | C |
|---|---|---|---|---|---|---|---|---|
| 12634460 | 06/19/2022 | VulD... | responsible | VulDB | | 06/19/2022 | accepted | 100 |
| 12634459 | 06/19/2022 | VulD... | cve | CVE-2017-20088 | cve.org | 06/19/2022 | accepted | 100 |
| 6424673 | 08/18/2020 | VulD... | cwe | 352 (cross-site request forgery) | | 08/18/2020 | accepted | 90 |
| 6424642 | 08/18/2020 | VulD... | type | WordPress Plugin | | 08/18/2020 | accepted | 100 |
| 6424679 | 03/01/2017 | VulD... | cvss3_vuldb_rc | R | see CVSS documentation | 03/01/2017 | accepted | 90 |
| 6424678 | 03/01/2017 | VulD... | cvss3_vuldb_rl | U | see CVSS documentation | 03/01/2017 | accepted | 90 |
| 6424677 | 03/01/2017 | VulD... | cvss3_vuldb_e | X | see CVSS documentation | 03/01/2017 | accepted | 90 |
| 6424676 | 03/01/2017 | VulD... | cvss2_vuldb_rc | UR | see CVSS documentation | 03/01/2017 | accepted | 90 |
| 6424675 | 03/01/2017 | VulD... | cvss2_vuldb_rl | U | see CVSS documentation | 03/01/2017 | accepted | 90 |
| 6424674 | 03/01/2017 | VulD... | cvss2_vuldb_e | ND | see CVSS documentation | 03/01/2017 | accepted | 90 |
| 6424672 | 03/01/2017 | VulD... | price_0day | $0-$5k | see exploit price documentation | 03/01/2017 | accepted | 100 |
| 6424671 | 03/01/2017 | VulD... | person_name | Spyros Gasteratos | | 03/01/2017 | accepted | 100 |
| 6424670 | 03/01/2017 | VulD... | identifier | Cross-Site Request Forgery in Atahualpa WordPress Theme | | 03/01/2017 | accepted | 100 |
| 6424669 | 03/01/2017 | VulD... | url | http://seclists.org/fulldisclosure/2017/Feb/90 | seclists.org | 03/01/2017 | accepted | 100 |
| 6424668 | 03/01/2017 | VulD... | type | Mailinglist Post | | 03/01/2017 | accepted | 100 |
| 6424667 | 03/01/2017 | VulD... | location | Full-Disclosure | | 03/01/2017 | accepted | 100 |
| 6424666 | 03/01/2017 | VulD... | date | 1488326400 (03/01/2017) | | 03/01/2017 | accepted | 100 |
| 6424665 | 03/01/2017 | VulD... | cvss3_vuldb_a | N | see CVSS documentation | 03/01/2017 | accepted | 100 |
| 6424664 | 03/01/2017 | VulD... | cvss3_vuldb_i | L | see CVSS documentation | 03/01/2017 | accepted | 100 |
| 6424663 | 03/01/2017 | VulD... | cvss3_vuldb_c | N | see CVSS documentation | 03/01/2017 | accepted | 100 |

20 more entries are not shown
