CVE-2013-2640
NONEajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct
게시됨: 3/22/2013업데이트됨: 4/11/2025
설명
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
AI 분석AI 기반
영향받는 제품
mailupwp-mailup
mailupwp-mailup
1.0.0
mailupwp-mailup
1.1.0
mailupwp-mailup
1.1.1
mailupwp-mailup
1.1.2
mailupwp-mailup
1.1.3
mailupwp-mailup
1.2
mailupwp-mailup
1.3
mailupwp-mailup
1.21
wordpresswordpress
-
참조
- http://osvdb.org/91274
- http://plugins.trac.wordpress.org/changeset?new=682420ExploitPatch
- http://secunia.com/advisories/51917Vendor Advisory
- http://wordpress.org/extend/plugins/wp-mailup/changelog/
- http://osvdb.org/91274
- http://plugins.trac.wordpress.org/changeset?new=682420ExploitPatch
- http://secunia.com/advisories/51917Vendor Advisory
- http://wordpress.org/extend/plugins/wp-mailup/changelog/