Unrated severityNVD Advisory· Published Oct 7, 2012· Updated Jun 16, 2026
CVE-2012-1414
CVE-2012-1414
Description
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:plume-cms:plume_cms:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:plume-cms:plume_cms:*:*:*:*:*:*:*:*range: <=1.2.4
- cpe:2.3:a:plume-cms:plume_cms:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.