Vulnerability Details : CVE-2013-2640
Potential exploit
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2013-2640
- cpe:2.3:a:mailup:wp-mailup:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2640
0.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2640
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-2640
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2640
-
http://plugins.trac.wordpress.org/changeset?new=682420
Changeset 682420 – WordPress Plugin RepositoryExploit;Patch
-
http://wordpress.org/extend/plugins/wp-mailup/changelog/
MailUp newsletter sign-up form – WordPress plugin | WordPress.org
-
http://osvdb.org/91274
-
http://secunia.com/advisories/51917
Sign inVendor Advisory
Jump to