CVE-2013-2640

Sažetak

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.

Reference

http://osvdb.org/91274
http://plugins.trac.wordpress.org/changeset?new=682420
http://secunia.com/advisories/51917
http://wordpress.org/extend/plugins/wp-mailup/changelog/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

05-04-2013 - 04:00

Objavljeno

22-03-2013 - 17:55