CVE-2013-0731

NONECVSS 0.0

0.0

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.

🔗 References (12)

PSIRT-CNA@flexerasoftwarehttp://osvdb.org/91274
PSIRT-CNA@flexerasoftwarehttp://plugins.trac.wordpress.org/changeset?new=682420
PSIRT-CNA@flexerasoftwarehttp://secunia.com/advisories/51917
PSIRT-CNA@flexerasoftwarehttp://wordpress.org/extend/plugins/wp-mailup/changelog/
PSIRT-CNA@flexerasoftwarehttp://www.securityfocus.com/bid/58467
PSIRT-CNA@flexerasoftwarehttps://exchange.xforce.ibmcloud.com/vulnerabilities/82847
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/91274
af854a3a-2127-422b-91ae-364da2661108http://plugins.trac.wordpress.org/changeset?new=682420
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51917
af854a3a-2127-422b-91ae-364da2661108http://wordpress.org/extend/plugins/wp-mailup/changelog/
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/58467
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/82847

Is Your Infrastructure Affected by CVE-2013-0731?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-0731

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-0731?