ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-03-22 08:55
Updated : 2017-08-28 18:33
NVD link : CVE-2013-0731
Mitre link : CVE-2013-0731
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
mailup
- wp-mailup
wordpress
- wordpress