Lucene search
MitreCVE-2013-2640HistoryMar 22, 2013 - 5:55 p.m.
CVE-2013-2640
2013-03-2217:55:01
CWE-264
mitre
web.nvd.nist.gov
18
mailup
wordpress
xss
remote attack
plugin vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.01
Percentile
84.1%
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to “formData=save” requests, a different version than CVE-2013-0731.
Affected configurations
Node
mailupwp-mailupRange≤1.3.1
ORmailupwp-mailupMatch1.0.0
ORmailupwp-mailupMatch1.1.0
ORmailupwp-mailupMatch1.1.1
ORmailupwp-mailupMatch1.1.2
ORmailupwp-mailupMatch1.1.3
ORmailupwp-mailupMatch1.2
ORmailupwp-mailupMatch1.3
ORmailupwp-mailupMatch1.21
wordpresswordpressMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mailup | wp-mailup | * | cpe:2.3:a:mailup:wp-mailup:*:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.0.0 | cpe:2.3:a:mailup:wp-mailup:1.0.0:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.1.0 | cpe:2.3:a:mailup:wp-mailup:1.1.0:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.1.1 | cpe:2.3:a:mailup:wp-mailup:1.1.1:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.1.2 | cpe:2.3:a:mailup:wp-mailup:1.1.2:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.1.3 | cpe:2.3:a:mailup:wp-mailup:1.1.3:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.2 | cpe:2.3:a:mailup:wp-mailup:1.2:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.3 | cpe:2.3:a:mailup:wp-mailup:1.3:*:*:*:*:*:*:* |
| mailup | wp-mailup | 1.21 | cpe:2.3:a:mailup:wp-mailup:1.21:*:*:*:*:*:*:* |
| wordpress | wordpress | - | cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:* |
Related
wpvulndb
wpvulndb
MailUp 1.3.2 - ajax.functions.php Ajax Function Call H&ling XSS Weakness
2014-08-01 10:59:05
prion
prion
Cross site scripting
2013-03-22 17:55:00
Cross site scripting
2013-03-22 15:55:00
cvelist
cvelist
CVE-2013-2640
2013-03-22 17:00:00
CVE-2013-0731
2013-03-22 15:00:00
nvd
nvd
CVE-2013-2640
2013-03-22 17:55:01
CVE-2013-0731
2013-03-22 15:55:01
patchstack
patchstack
WordPress WP MailUp Plugin <= 1.3.1 - BYPASS
2013-03-22 00:00:00
WordPress WP MailUp Plugin <= 1.3.2 - XSS
2013-01-02 00:00:00
openvas
openvas
WordPress MailUp Plugin Multiple Vulnerabilities
2013-03-26 00:00:00
Wordpress MailUp Plugin Multiple Vulnerabilities
2013-03-26 00:00:00
cve
cve
CVE-2013-0731
2013-03-22 15:55:01
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.01
Percentile
84.1%
Related for CVE-2013-2640