ThemeMakers Almera Responsive Portfolio Theme up to 2015-05-15 on WordPress wp_users.dat user_login/user_pass/user_email information disclosure
| CVSS Meta Temp Score | Current Exploit Price (β) |
|---|---|
| 4.3 | $0-$5k |
A vulnerability was found in ThemeMakers Almera Responsive Portfolio Theme up to 2015-05-15 on WordPress (WordPress Plugin). It has been classified as problematic. This affects an unknown code of the file wp-content/uploads/tmm_db_migrate/wp_users.dat. The manipulation of the argument user_login/user_pass/user_email as part of a Request leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality.
The weakness was published 10/11/2019. This vulnerability is uniquely identified as CVE-2015-9487 since 10/11/2019. It is possible to initiate the attack remotely. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 10/12/2019).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Type
Name
VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.3
VulDB Base Score: β4.3
VulDB Temp Score: β4.3
VulDB Vector: π
VulDB Reliability: π
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Information disclosure (CWE-200)
Local: No
Remote: Yes
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: no mitigation known
0-Day Time: π
10/11/2019 Advisory disclosed
10/11/2019 CVE assigned
10/12/2019 VulDB entry created
10/12/2019 VulDB last update
CVE: CVE-2015-9487 (π)Created: 10/12/2019 04:59 PM
Complete: π
Check our Alexa App!
https://vuldb.com/?id.143385
Gloss