The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wp_ultimate_email_marketer_plugin | Smackcoders | * | 1.1.0 (including) |
| Wp_ultimate_email_marketer_plugin | Smackcoders | 1.0.0 (including) | 1.0.0 (including) |
| Wp_ultimate_email_marketer_plugin | Smackcoders | 1.0.1 (including) | 1.0.1 (including) |
| Wp_ultimate_email_marketer_plugin | Smackcoders | 1.0.2 (including) | 1.0.2 (including) |
| Wp_ultimate_email_marketer_plugin | Smackcoders | 1.0.3 (including) | 1.0.3 (including) |