Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-0731

Опубликовано: 22 мар. 2013
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mailup:wp-mailup:*:*:*:*:*:*:*:*
Версия до 1.3.2 (включая)
cpe:2.3:a:mailup:wp-mailup:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mailup:wp-mailup:1.21:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00585
Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-j99w-349h-39gr

github
около 3 лет назад

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.

EPSS

Процентиль: 68%
0.00585
Низкий

5 Medium

CVSS2

Дефекты

CWE-264