Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress MailUp插件权限许可和访问控制漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress中的MailUp插件1.3.2之前版本中的ajax.functions.php脚本中存在漏洞,该漏洞源于程序没有正确限制访问未指定的Ajax函数。通过与‘formData=save’请求相关的未明向量,远程攻击者利用该漏洞修改插件设置进而进行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A