CVE-2013-3252

Published Apr 10, 2014

Last updated 11 years ago

Overview

Description: Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2603A2A4-1E2D-43F5-8A68-10B9060851C8",
            "versionEndIncluding": "1.62"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.00:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0965E575-C147-468A-81E4-29230A19D0BC"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.01:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CA50FFD-4120-4DDE-971A-C35148A14CB7"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.02:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41085DF5-E185-4F84-A84C-B740AF524EC8"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.10:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80892E18-00A8-4BF9-963A-61B50C3DB9A8"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.11:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3B2BF0F-78C9-4C31-AA34-C0C9A86E6180"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.20:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13E9E31B-741B-41F8-BBC3-CD88299E6305"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.30:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "483A2445-823D-4226-B577-661BFE583195"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.31:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041838CD-EA0F-404C-88AE-6678B2D3E8A2"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.40:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2ABC700-7346-4C70-9A90-75EB54A0FA4F"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.50:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA5DBE5A-0975-445F-A5D2-CCD4488BA78A"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.60:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E5CFF1E-6523-4007-88C6-1FE5168D7328"
          },
          {
            "criteria": "cpe:2.3:a:lesterchan:wp-postviews:1.61:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF1A85BA-3D98-47BC-9009-6B5AEED2CFE9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References