5
CVE-2013-2640
- EPSS 2.38%
- Veröffentlicht 22.03.2013 17:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMailUp newsletter sign-up form < 1.3.2 - Cross-Site Scripting
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
Mögliche Gegenmaßnahme
MailUp newsletter sign-up form: Update to version 1.3.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MailUp newsletter sign-up form
Version
[*, 1.3.2)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.38% | 0.817 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://osvdb.org/91274
http://plugins.trac.wordpress.org/changeset?new=682420
http://secunia.com/advisories/51917
http://wordpress.org/extend/plugins/wp-mailup/changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/20227433-a2f0-4a00-b6cc-95708135c0b8