Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cminds | Cm Download Manager | <= 2.0.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129357/WordPress-CM-Download-Manager-2.0.6-ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/534132/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/71418Third Party AdvisoryVDB Entry
- https://downloadsmanager.cminds.com/release-notes/Vendor Advisory
- http://packetstormsecurity.com/files/129357/WordPress-CM-Download-Manager-2.0.6-ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/534132/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/71418Third Party AdvisoryVDB Entry
- https://downloadsmanager.cminds.com/release-notes/Vendor Advisory
FAQ
What is CVE-2014-9129?
CVE-2014-9129 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for r...
How severe is CVE-2014-9129?
CVE-2014-9129 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9129?
Check the references section above for vendor advisories and patch information. Affected products include: Cminds Cm Download Manager.