CVE-2015-6523

CVE-2015-6523

Name

CVE-2015-6523

Description

Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	http://seclists.org/fulldisclosure/2015/Jul/104
CONFIRM	https://plugins.trac.wordpress.org/changeset/1175403/portfolio-by-lisa-westlund
MISC	https://wpvulndb.com/vulnerabilities/8108

Type

URI

Exploit

http://seclists.org/fulldisclosure/2015/Jul/104

CONFIRM

https://plugins.trac.wordpress.org/changeset/1175403/portfolio-by-lisa-westlund

MISC

https://wpvulndb.com/vulnerabilities/8108

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:portfolio_project:portfolio::::::wordpress::*`	portfolio	>= None	<= 1.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:portfolio_project:portfolio:*:*:*:*:*:wordpress:*:*

portfolio

>= None

<= 1.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
portfolio	3.18-community	0.9.15-r0	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable
portfolio	3.17-community	0.9.14-r0	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

portfolio

3.18-community

0.9.15-r0

Clayton Craft <clayton@craftyguy.net>

possibly vulnerable

portfolio

3.17-community

0.9.14-r0

Clayton Craft <clayton@craftyguy.net>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages