CVE-2013-3264 – WP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass

https://notcve.org/view.php?id=CVE-2013-3264

The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. El plugin WP Ultimate Email Marketer 1.1.0 y posiblemente versiones anteriores para Wordpress no restringe adecuadamente el acceso a (1) list/edit.php y (2) campaign/editCampaign.php, lo que permite a atacantes remotos modificar datos de lista o campaña. The WP Ultimate Email Marketer plugin 1.2.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. • http://secunia.com/advisories/53170 http://www.securityfocus.com/bid/62621 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •