CVE-2013-2640

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:mailup:wp-mailup:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:*:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.21:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

Information

Published : 2013-03-22 10:55

Updated : 2013-04-04 21:00


NVD link : CVE-2013-2640

Mitre link : CVE-2013-2640


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

mailup

  • wp-mailup

wordpress

  • wordpress