[VIM] [CVENEW] New CVE CANs: 2013/03/22 11:00 ; count=1

coley at mitre.org
Fri Mar 22 10:04:25 CDT 2013

Name: CVE-2013-0731
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0731
Assigned: 20130102
Reference: MISC:http://plugins.trac.wordpress.org/changeset?new=682420
Reference: CONFIRM:http://wordpress.org/extend/plugins/wp-mailup/changelog/
Reference: BID:58467
Reference: URL:http://www.securityfocus.com/bid/58467
Reference: OSVDB:91274
Reference: URL:http://osvdb.org/91274
Reference: SECUNIA:51917
Reference: URL:http://secunia.com/advisories/51917
Reference: XF:mailup-ajaxfunctions-security-bypass(82847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82847

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress
does not properly restrict access to unspecified Ajax functions, which
allows remote attackers to modify plugin settings and conduct
cross-site scripting (XSS) attacks by setting the wordpress_logged_in
cookie.  NOTE: this is due to an incomplete fix for a similar issue
that was fixed in 1.3.2.
