Vulnerability Details CVE-2013-2640
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://osvdb.org/91274
- http://plugins.trac.wordpress.org/changeset?new=682420
- http://secunia.com/advisories/51917
- http://wordpress.org/extend/plugins/wp-mailup/changelog/
- http://osvdb.org/91274
- http://plugins.trac.wordpress.org/changeset?new=682420
- http://secunia.com/advisories/51917
- http://wordpress.org/extend/plugins/wp-mailup/changelog/
Products affected by CVE-2013-2640
-
cpe:2.3:a:mailup:wp-mailup:1.0.0
-
cpe:2.3:a:mailup:wp-mailup:1.1.0
-
cpe:2.3:a:mailup:wp-mailup:1.1.1
-
cpe:2.3:a:mailup:wp-mailup:1.1.2
-
cpe:2.3:a:mailup:wp-mailup:1.1.3
-
cpe:2.3:a:mailup:wp-mailup:1.2
-
cpe:2.3:a:mailup:wp-mailup:1.21
-
cpe:2.3:a:mailup:wp-mailup:1.3
-
cpe:2.3:a:mailup:wp-mailup:1.3.1
-
cpe:2.3:a:wordpress:wordpress:-