ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
References
Link | Resource |
---|---|
http://secunia.com/advisories/51917 | Vendor Advisory |
http://osvdb.org/91274 | |
http://plugins.trac.wordpress.org/changeset?new=682420 | Exploit Patch |
http://wordpress.org/extend/plugins/wp-mailup/changelog/ |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-03-22 10:55
Updated : 2013-04-04 21:00
NVD link : CVE-2013-2640
Mitre link : CVE-2013-2640
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
mailup
- wp-mailup
wordpress
- wordpress