Unrated severityNVD Advisory· Published Mar 22, 2013· Updated Jun 16, 2026
CVE-2013-2640
CVE-2013-2640
Description
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:mailup:wp-mailup:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mailup:wp-mailup:*:*:*:*:*:*:*:*range: <=1.3.1
- cpe:2.3:a:mailup:wp-mailup:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:mailup:wp-mailup:1.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/changesetnvdExploitPatch
- secunia.com/advisories/51917nvdVendor Advisory
- osvdb.org/91274nvd
- wordpress.org/extend/plugins/wp-mailup/changelog/nvd
News mentions
0No linked articles in our index yet.