Access Control Flaw in MailUp Plugin for WordPress
CVE-2013-0731

Currently unrated

Key Information:

Vendor: WordPress
Status
Vendor
CVE Published: 22 March 2013

Summary

The MailUp plugin for WordPress, prior to version 1.3.3, does not adequately restrict access to the Ajax functions in ajax.functions.php. This enables remote attackers to manipulate plugin settings and potentially execute cross-site scripting (XSS) attacks by adjusting the 'wordpress_logged_in' cookie. The issue stems from an incomplete fix implemented in a previous version, highlighting the importance of regular updates and security audits.
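
The class of flaw described above, shown as an added example that is not the MailUp plugin's code: a check that trusts a client-supplied cookie, next to a WordPress Ajax handler that validates the session, the capability and a nonce, then sanitizes on input and escapes on output. The weak check is an assumed illustration of the pattern, and every name prefixed `example_` is hypothetical.

```php
<?php
// Added illustration; NOT the MailUp plugin's code.
// All "example_" action, option and function names are hypothetical.

// Weak pattern (assumed for illustration): the presence of a cookie is
// treated as proof of login. Cookie names and values are chosen by the client.
function example_weak_is_authorized() {
    foreach ( array_keys( $_COOKIE ) as $name ) {
        if ( strpos( $name, 'wordpress_logged_in' ) === 0 ) {
            return true; // the cookie value is never validated
        }
    }
    return false;
}

// Hardened pattern: route the request through admin-ajax.php so WordPress
// validates the session itself. wp_ajax_{action} fires only for authenticated
// users; no wp_ajax_nopriv_{action} hook is registered for this action.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. Authorization: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. Request forgery: require a nonce issued with wp_create_nonce() for this action.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 3. Sanitize before storing so markup never reaches the options table.
    $list_id = isset( $_POST['list_id'] )
        ? sanitize_text_field( wp_unslash( $_POST['list_id'] ) )
        : '';
    update_option( 'example_list_id', $list_id );

    wp_send_json_success();
}

// 4. Escape on output as well, in case an older stored value was never sanitized.
function example_render_field() {
    printf(
        '<input type="text" name="list_id" value="%s" />',
        esc_attr( get_option( 'example_list_id', '' ) )
    );
}
```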

Timeline

  • Vulnerability published

  • Vulnerability Reserved
