CVE-2012-4921

{"id": "CVE-2012-4921", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-04-10T20:29:18.517", "references": [{"url": "http://osvdb.org/89441", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/51531", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en el plugin DVS Custom Notification 1.0.1 y anteriores para WordPress permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que (1) cambian configuraciones de aplicaciones o (2) realizan ataques de XSS."}], "lastModified": "2014-04-11T13:24:00.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dvs_custom_notification_project:dvs_custom_notification:1.0.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "389F5229-7BB3-4A38-926F-E77F10570E45"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}