5
CVE-2013-0731
- EPSS 2.59%
- Veröffentlicht 22.03.2013 15:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginMailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting
ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
Mögliche Gegenmaßnahme
MailUp newsletter sign-up form: Update to version 1.3.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MailUp newsletter sign-up form
Version
[*, 1.3.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.59% | 0.832 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://osvdb.org/91274
http://plugins.trac.wordpress.org/changeset?new=682420
http://secunia.com/advisories/51917
http://wordpress.org/extend/plugins/wp-mailup/changelog/
http://www.securityfocus.com/bid/58467
https://exchange.xforce.ibmcloud.com/vulnerabilities/82847
https://www.wordfence.com/threat-intel/vulnerabilities/id/c793bf75-5e44-4511-9005-4175f349cef4