Access Control Vulnerability in MailUp Plugin for WordPress
CVE-2013-2640

Currently unrated

Key Information:

Vendor

Wordpress
Status
WP-mailup
Vendor
CVE Published:
22 March 2013

What is CVE-2013-2640?

The MailUp plugin for WordPress, prior to version 1.3.2, contains an access control vulnerability in ajax.functions.php. This flaw allows unauthorized remote attackers to access unspecified Ajax functions, potentially leading to unauthorized modifications of plugin settings. Attackers can exploit this vulnerability to conduct cross-site scripting (XSS) attacks using crafted requests, specifically targeting the 'formData=save' endpoints. Site owners using affected versions of the MailUp plugin should consider upgrading to the latest version to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://plugins.trac.wordpress.org/changeset?new=682420
x_refsource_MISC
http://secunia.com/advisories/51917
third-party-advisoryx_refsource_SECUNIA
http://wordpress.org/extend/plugins/wp-mailup/changelog/
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.