Home > Vulnerability Database > CVE-2013-5977

Mend Vulnerability Database

CVE-2013-5977

Good to know:

Date: November 1, 2013

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.

Language: PHP

Severity Score

6.8

Related Resources (5)

Url: http://secunia.com/advisories/55265

Url: http://www.securityfocus.com/bid/62975

Url: http://blog.noobroot.com/#!/2013/10/0-day-wordpress-cart66-plugin-15114.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-5977

Url: https://www.mend.io/vulnerability-database/CVE-2013-5977

Severity Score

6.8

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2013-5977

Good to know:

Date: November 1, 2013

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v2

Do you need more information?