5

CVE-2013-0731

Exploit

MailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie.  NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
Mögliche Gegenmaßnahme
MailUp newsletter sign-up form: Update to version 1.3.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt MailUp newsletter sign-up form
Version [*, 1.3.3)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MailupWp-mailup Version <= 1.3.2
   WordpressWordpress Version-
MailupWp-mailup Version1.0.0
   WordpressWordpress Version-
MailupWp-mailup Version1.1.0
   WordpressWordpress Version-
MailupWp-mailup Version1.1.1
   WordpressWordpress Version-
MailupWp-mailup Version1.1.2
   WordpressWordpress Version-
MailupWp-mailup Version1.1.3
   WordpressWordpress Version-
MailupWp-mailup Version1.2
   WordpressWordpress Version-
MailupWp-mailup Version1.3
   WordpressWordpress Version-
MailupWp-mailup Version1.3.1
   WordpressWordpress Version-
MailupWp-mailup Version1.21
   WordpressWordpress Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.665
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.