6.4

CVE-2013-3264

WP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass

The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.
Mögliche Gegenmaßnahme
WP Ultimate Email Marketer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SmackcodersWp Ultimate Email Marketer Plugin Update- SwPlatformwordpress Version <= 1.1.0
SmackcodersWp Ultimate Email Marketer Plugin Version1.0.0 Update- SwPlatformwordpress
SmackcodersWp Ultimate Email Marketer Plugin Version1.0.1 Update- SwPlatformwordpress
SmackcodersWp Ultimate Email Marketer Plugin Version1.0.2 Update- SwPlatformwordpress
SmackcodersWp Ultimate Email Marketer Plugin Version1.0.3 Update- SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WP Ultimate Email Marketer
Version *-1.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.08% 0.791
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/53170
Vendor Advisory
http://www.securityfocus.com/bid/62621
https://www.wordfence.com/threat-intel/vulnerabilities/id/35806af6-bb63-41c8-a20b-f5e36d2aa515
Third Party Advisory