Access Control Vulnerability in MailUp Plugin for WordPress
CVE-2013-2640

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-mailup
Vendor: CVE Published:; 22 March 2013

Summary

The MailUp plugin for WordPress, prior to version 1.3.2, contains an access control vulnerability in ajax.functions.php. This flaw allows unauthorized remote attackers to access unspecified Ajax functions, potentially leading to unauthorized modifications of plugin settings. Attackers can exploit this vulnerability to conduct cross-site scripting (XSS) attacks using crafted requests, specifically targeting the 'formData=save' endpoints. Site owners using affected versions of the MailUp plugin should consider upgrading to the latest version to mitigate potential risks.

References

http://plugins.trac.wordpress.org/changeset?new=682420

x_refsource_MISC

http://secunia.com/advisories/51917

third-party-advisoryx_refsource_SECUNIA

http://wordpress.org/extend/plugins/wp-mailup/changelog/

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 22, 2013