6.8
CVE-2013-3252
- EPSS 0.24%
- Veröffentlicht 10.04.2014 20:29:20
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginWP-PostViews < 1.63 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
Mögliche Gegenmaßnahme
WP-PostViews: Update to version 1.63, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP-PostViews
Version
[*, 1.63)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lesterchan ≫ Wp-postviews SwPlatformwordpress Version <= 1.62
Lesterchan ≫ Wp-postviews Version1.00 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.01 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.02 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.10 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.11 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.20 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.30 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.31 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.40 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.50 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.60 SwPlatformwordpress
Lesterchan ≫ Wp-postviews Version1.61 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.464 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.