{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "59840", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/59840"}, {"name": "53321", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53321"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/plugins/related-posts-by-zemanta/changelog/"}, {"name": "relatedposts-cve20133477-unspecified-csrf(84246)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84246"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3477", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "59840", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59840"}, {"name": "53321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53321"}, {"name": "http://wordpress.org/plugins/related-posts-by-zemanta/changelog/", "refsource": "CONFIRM", "url": "http://wordpress.org/plugins/related-posts-by-zemanta/changelog/"}, {"name": "relatedposts-cve20133477-unspecified-csrf(84246)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84246"}]}}}}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-3477", "datePublished": "2014-05-27T15:00:00", "dateReserved": "2013-05-07T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zemanta:related_posts:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "56BB915F-CB91-493C-BDBD-0CA3C75EEFCD", "versionEndIncluding": "1.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zemanta:related_posts:1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D7774D9E-549A-4240-B5DA-98EA0C06127B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zemanta:related_posts:1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "71E49B56-6FF5-4668-AF0F-47CD3B1D0D6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zemanta:related_posts:1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "820277FA-4C3B-48CA-B19A-FB3914FE7D77", "vulnerable": true}, {"criteria": "cpe:2.3:a:zemanta:related_posts:1.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3AE14921-E43A-4BA4-8444-12F209E68929", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en el plugin Related Posts By Zemanta anterior a 1.3.2 para WordPress permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios no especificados para solicitudes que cambian configuraciones a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2013-3477", "lastModified": "2017-08-29T01:33:23.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-05-27T14:55:10.073", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/53321"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://wordpress.org/plugins/related-posts-by-zemanta/changelog/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/59840"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84246"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}