6.4
CVE-2013-3264
- EPSS 0.67%
- Veröffentlicht 05.11.2013 20:55:29
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginWP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.
Mögliche Gegenmaßnahme
WP Ultimate Email Marketer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Ultimate Email Marketer
Version
*-1.2.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Update- SwPlatformwordpress Version <= 1.1.0
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.0 Update- SwPlatformwordpress
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.1 Update- SwPlatformwordpress
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.2 Update- SwPlatformwordpress
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.3 Update- SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.69 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|