CVE-2015-0895
All In One WP Security & Firewall < 3.9.0 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
References (3)
Core 3
Core References
Patch x_refsource_confirm
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN87204433/index.html
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038
Scores
EPSS
0.0108
EPSS Percentile
61.0%
Details
CWE
CWE-352
Status
published
Products (1)
tips_and_tricks_hq/all_in_one_wordpress_security_and_firewall
< 3.8.9
Published
Mar 07, 2015
Tracked Since
Feb 18, 2026