CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-0731

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.1%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2013-0731

Mailup » Wp-Mailup » Version: 1.0.0

cpe:2.3:a:mailup:wp-mailup:1.0.0
Mailup » Wp-Mailup » Version: 1.1.0

cpe:2.3:a:mailup:wp-mailup:1.1.0
Mailup » Wp-Mailup » Version: 1.1.1

cpe:2.3:a:mailup:wp-mailup:1.1.1
Mailup » Wp-Mailup » Version: 1.1.2

cpe:2.3:a:mailup:wp-mailup:1.1.2
Mailup » Wp-Mailup » Version: 1.1.3

cpe:2.3:a:mailup:wp-mailup:1.1.3
Mailup » Wp-Mailup » Version: 1.2

cpe:2.3:a:mailup:wp-mailup:1.2
Mailup » Wp-Mailup » Version: 1.21

cpe:2.3:a:mailup:wp-mailup:1.21
Mailup » Wp-Mailup » Version: 1.3

cpe:2.3:a:mailup:wp-mailup:1.3
Mailup » Wp-Mailup » Version: 1.3.1

cpe:2.3:a:mailup:wp-mailup:1.3.1
Mailup » Wp-Mailup » Version: 1.3.2

cpe:2.3:a:mailup:wp-mailup:1.3.2
Wordpress » Wordpress » Version: N/A

cpe:2.3:a:wordpress:wordpress:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-0731

Products

Pricing

Contact Us