CVE-2013-3252 : Cross-site request forgery (CSRF) vulnerability in the options admin page in the

Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.

Published 2014-04-10 20:29:20

Updated 2025-04-12 10:46:41

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2013-3252

Lesterchan » Wp-postviews » For Wordpress
Versions up to, including, (<=) 1.62
cpe:2.3:a:lesterchan:wp-postviews:*:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.40 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.40:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.60 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.60:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.00 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.00:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.11 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.11:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.50 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.50:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.31 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.31:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.20 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.20:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.10 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.10:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.01 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.01:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.61 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.61:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.02 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.02:*:*:*:*:wordpress:*:*
Matching versions
Lesterchan » Wp-postviews » Version: 1.30 For Wordpress
cpe:2.3:a:lesterchan:wp-postviews:1.30:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-3252

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-3252

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-3252

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3252

http://osvdb.org/93096
http://secunia.com/advisories/53127

Sign in
Vendor Advisory
http://wordpress.org/plugins/wp-postviews/changelog

WP-PostViews – WordPress plugin | WordPress.org

Jump to

Vulnerability Details : CVE-2013-3252

Products affected by CVE-2013-3252

Exploit prediction scoring system (EPSS) score for CVE-2013-3252

CVSS scores for CVE-2013-3252

CWE ids for CVE-2013-3252

References for CVE-2013-3252