2 matches found
CVE-2013-2640
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting XSS attacks via unspecified vectors related to "formData=save" requests, a...
CVE-2013-0731
MailUp WordPress plugin vulnerable to an access-control flaw in ajax.functions.php. Versions before 1.3.3 allow remote modification of plugin settings and XSS by leveraging unspecified Ajax functions; this stems from an incomplete fix for a prior issue (1.3.2). A related CVE notes a similar flaw ...