{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T14:33:27.317","vulnerabilities":[{"cve":{"id":"CVE-2014-5196","sourceIdentifier":"cve@mitre.org","published":"2014-08-12T20:55:03.713","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that insert XSS sequences via the iusib_meta_fields parameter."},{"lang":"es","value":"Vulnerabilidad de CSRF en improved-user-search-in-backend.php en el backend en la búsqueda mejorada de usuarios en el plugin backend anterior a 1.2.5 para WordPress permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes que inserten secuencias XSS a través del parámetro iusib_meta_fields."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:improved_user_search_in_backend_project:improved_user_search_in_backend:*:-:-:*:-:wordpress:*:*","versionEndIncluding":"1.2.4","matchCriteriaId":"C6F3057D-AC4E-44E6-A44D-DAFE56129619"}]}]}],"references":[{"url":"http://secunia.com/advisories/60590","source":"cve@mitre.org"},{"url":"http://wordpress.org/plugins/improved-user-search-in-backend/changelog","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.dxw.com/advisories/csrf-and-xss-in-improved-user-search-allow-execution-of-arbitrary-javascript-in-wordpress-admin-area/","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/60590","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://wordpress.org/plugins/improved-user-search-in-backend/changelog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.dxw.com/advisories/csrf-and-xss-in-improved-user-search-allow-execution-of-arbitrary-javascript-in-wordpress-admin-area/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}}]}