CVE-2013-2701

{"id": "CVE-2013-2701", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-11-01T15:55:03.127", "references": [{"url": "http://secunia.com/advisories/52951", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/63198", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad Cross-site request forgery (CSRF) en el plugin Social Sharing Toolkit 2.1.1 para WordPress permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores de las solicitudes que manipulan la configuraci\u00f3n del plugin a trav\u00e9s de vectores desconocidos."}], "lastModified": "2013-11-21T19:09:59.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.1.1:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A03B080E-7F0D-43B4-A2FD-2E27E2EE5435"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}