CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.0%
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.
Vendor | Product | Version | CPE |
---|---|---|---|
smackcoders | wp_ultimate_email_marketer_plugin | * | cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:*:-:*:*:*:wordpress:*:* |
smackcoders | wp_ultimate_email_marketer_plugin | 1.0.0 | cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.0:-:*:*:*:wordpress:*:* |
smackcoders | wp_ultimate_email_marketer_plugin | 1.0.1 | cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.1:-:*:*:*:wordpress:*:* |
smackcoders | wp_ultimate_email_marketer_plugin | 1.0.2 | cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.2:-:*:*:*:wordpress:*:* |
smackcoders | wp_ultimate_email_marketer_plugin | 1.0.3 | cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.3:-:*:*:*:wordpress:*:* |