CVE-2013-3264
Published Nov 5, 2013
Last updated 11 years ago
Overview
- Description
- The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:*:-:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "9D723877-8351-4294-BE28-E93781A06532",
"versionEndIncluding": "1.1.0"
},
{
"criteria": "cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.0:-:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "C947D8D9-3F1E-4687-9B25-04342829B08E"
},
{
"criteria": "cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.1:-:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "EAF03BE0-47B1-453A-9A4E-C194E6F01500"
},
{
"criteria": "cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.2:-:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "53344BB0-FB06-4B0F-9854-023AE0CA0E7B"
},
{
"criteria": "cpe:2.3:a:smackcoders:wp_ultimate_email_marketer_plugin:1.0.3:-:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "0DF113B1-9B8A-495E-A687-97FFEAAD8ABB"
}
],
"operator": "OR"
}
]
}
]