CVE-2015-2293

NONECVSS 0.0

0.0

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.

🔗 References (12)

cve@mitrehttp://packetstormsecurity.com/files/130811/WordPress-SEO-By-Yoast-1.7.3.3-SQL-Injection.html
cve@mitrehttp://seclists.org/fulldisclosure/2015/Mar/73
cve@mitrehttp://www.securitytracker.com/id/1031920
cve@mitrehttps://wordpress.org/plugins/wordpress-seo/changelog/
cve@mitrehttps://wpvulndb.com/vulnerabilities/7841
cve@mitrehttps://yoast.com/wordpress-seo-security-release/
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/130811/WordPress-SEO-By-Yoast-1.7.3.3-SQL-Injection.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/Mar/73
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031920
af854a3a-2127-422b-91ae-364da2661108https://wordpress.org/plugins/wordpress-seo/changelog/
af854a3a-2127-422b-91ae-364da2661108https://wpvulndb.com/vulnerabilities/7841
af854a3a-2127-422b-91ae-364da2661108https://yoast.com/wordpress-seo-security-release/

Is Your Infrastructure Affected by CVE-2015-2293?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-2293

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-2293?