SecuritySpace - CVE-2013-2640

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2013-2640

Description: ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross- site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.

Test IDs: 1.3.6.1.4.1.25623.1.0.803448

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-2640
http://plugins.trac.wordpress.org/changeset?new=682420
http://osvdb.org/91274
http://secunia.com/advisories/51917

CVE ID:	CVE-2013-2640
Description:	ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross- site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
Test IDs:	1.3.6.1.4.1.25623.1.0.803448
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2640 http://plugins.trac.wordpress.org/changeset?new=682420 http://osvdb.org/91274 http://secunia.com/advisories/51917