CVE-2013-2640

Name of the Vulnerable Software and Affected Versions MailUp plugin for WordPress versions prior to 1.3.2

Description The issue allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks. This is due to the ajax.functions.php file not properly restricting access to unspecified Ajax functions, related to "formData=save" requests.

Recommendations For MailUp plugin for WordPress versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Ajax functions in ajax.functions.php to minimize the risk of exploitation.