Cross-Site Scripting Vulnerability in WP-Cumulus Plugin for WordPress
CVE-2009-4168

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-cumulus
Vendor: CVE Published:; 2 December 2009

What is CVE-2009-4168?

The WP-Cumulus plugin for WordPress contains a critical cross-site scripting (XSS) vulnerability in the tagcloud.swf component. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through the tagcloud parameter when processing tags actions. Users of the plugin should update to version 1.23 or later to mitigate any potential threats from this security flaw.

References

http://www.securityfocus.com/archive/1/508606/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.org/1001-exploits/joomlajvclou...

x_refsource_MISC

http://websecurity.com.ua/3789/

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2009
Vulnerability Reserved
Dec 2, 2009

Wordpress

What is CVE-2009-4168?

References

Timeline