CVE-2013-0731

Sažetak

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.

Reference

http://osvdb.org/91274
http://plugins.trac.wordpress.org/changeset?new=682420
http://secunia.com/advisories/51917
http://wordpress.org/extend/plugins/wp-mailup/changelog/
http://www.securityfocus.com/bid/58467
https://exchange.xforce.ibmcloud.com/vulnerabilities/82847

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

22-03-2013 - 15:55