CVE-2024-13521

Name of the Vulnerable Software and Affected Versions MailUp Auto Subscription plugin for WordPress version 1.1.0 and earlier

Description The issue is due to missing or incorrect nonce validation on the mas options function, making it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request. This can happen if attackers can trick a site administrator into performing an action such as clicking on a link.

Recommendations For MailUp Auto Subscription plugin for WordPress version 1.1.0 and earlier, update to a version later than 1.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the mas options function until a patch is available.