CVE-2013-0731

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:mailup:wp-mailup:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.21:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

Information

Published : 2013-03-22 08:55

Updated : 2017-08-28 18:33


NVD link : CVE-2013-0731

Mitre link : CVE-2013-0731


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

mailup

  • wp-mailup

wordpress

  • wordpress