2 matches found
CVE-2013-0731
MailUp WordPress plugin vulnerable to an access-control flaw in ajax.functions.php. Versions before 1.3.3 allow remote modification of plugin settings and XSS by leveraging unspecified Ajax functions; this stems from an incomplete fix for a prior issue (1.3.2). A related CVE notes a similar flaw ...
CVE-2013-2640
CVE-2013-2640 concerns the WordPress MailUp plugin. The affected component is ajax.functions.php, with vulnerability in access control for unspecified Ajax functions, enabling remote attackers to modify plugin settings and trigger cross-site scripting via formData=save-like requests. The advisory...