Lucene search

[email protected]NVD:CVE-2013-2640

HistoryMar 22, 2013 - 5:55 p.m.

CVE-2013-2640

2013-03-2217:55:01

CWE-264

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.0%

JSON

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to “formData=save” requests, a different version than CVE-2013-0731.

Affected configurations

NVD

Node

mailupwp-mailupRange≤1.3.1

mailupwp-mailupMatch1.0.0

mailupwp-mailupMatch1.1.0

mailupwp-mailupMatch1.1.1

mailupwp-mailupMatch1.1.2

mailupwp-mailupMatch1.1.3

mailupwp-mailupMatch1.2

mailupwp-mailupMatch1.3

mailupwp-mailupMatch1.21

AND

wordpresswordpressMatch-

References

osvdb.org/91274

plugins.trac.wordpress.org/changeset?new=682420

secunia.com/advisories/51917

wordpress.org/extend/plugins/wp-mailup/changelog/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for NVD:CVE-2013-2640

wpvulndb1 cve2 prion2 cvelist2 patchstack2 nvd1 openvas2