Access Control Flaw in WP Ultimate Email Marketer Plugin by WordPress
CVE-2013-3264

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Ultimate Email Marketer Plugin
Vendor: CVE Published:; 5 November 2013

Summary

The WP Ultimate Email Marketer plugin, specifically version 1.1.0 and potentially earlier versions, contains an access control vulnerability that allows unauthorized users to access and modify sensitive list and campaign data. The affected PHP files, list/edit.php and campaign/editCampaign.php, do not enforce adequate access restrictions, creating an opportunity for remote attackers to manipulate campaign information without proper authentication. This issue underscores the importance of robust access controls in web applications to prevent unauthorized data alteration.

References

http://secunia.com/advisories/53170

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/62621

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 5, 2013