[VIM] [CVENEW] New CVE CANs: 2013/03/22 13:00 ; count=1

coley at mitre.org coley at mitre.org
Fri Mar 22 12:04:24 CDT 2013


======================================================
Name: CVE-2013-2640
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2640
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130322
Category: 
Reference: MISC:http://plugins.trac.wordpress.org/changeset?new=682420
Reference: CONFIRM:http://wordpress.org/extend/plugins/wp-mailup/changelog/
Reference: OSVDB:91274
Reference: URL:http://osvdb.org/91274
Reference: SECUNIA:51917
Reference: URL:http://secunia.com/advisories/51917

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress
does not properly restrict access to unspecified Ajax functions, which
allows remote attackers to modify plugin settings and conduct
cross-site scripting (XSS) attacks via unspecified vectors related to
"formData=save" requests, a different version than CVE-2013-0731.




